Private routing is on by default now. As of v6 (or maybe v5.8, I don't remember). You're not wrong about channel IDs, but it's a different ID per message queue. With 2 queues, receiving and sending, and each member's pair using different queues, they have very little info to start tracking users, and it would be very hard to identify anyone from that, on a server that has a lot of messages going on.
To me, servers should not even know which messages go in which queues.
The weakness is that there's one main provider for the default servers: SimpleX. It takes manual effort to set up different servers, so as you said, most users are using the default servers. But that's also changing soon as additional providers are being brought in, and their servers will be among the initially configured servers. There's also talk of having a set of randomly-selected servers configured on install so that everyone wouldn't have the same default set.
Yeah, that's a major problem to me. The company should not even run any server. It's too easy for court orders.
Yeah, but a court order is irrelevant. There's no externally useful data on the servers. It's encrypted 16k chunks of data with no way of reassembling and decrypting them. And private routing means the receiving server has no knowledge of the sending IP and the sending server has no knowledge of the receiving IP. The court might as well subpoena toilet paper, which is actually worth more because at least the judge could wipe his ass with it.