They're centralizing in social contexts because they're used for discovery and feed subscriptions, but as an RPC transport they're encoded in each noffer and only for ephemeral interactivity, not passively.

They're also not reliant on TLS since you can run a relay without SSL and just address it by IP

From a privacy standpoint, all the keys used in CLINK are wrapped as to not keep a social identity tied or hot on a service endpoint. A node can use as many as it wants for disparate offers/users.

The payloads themselves are encrypted so it's only the kind metadata viewable, but yea NIP42 would be a good add here, actually got a PR for that I need to review on our reference server.