A few assumptions are made in some attacks in that analysis, such as “KYCed coins used to open channels.” Also, some of the suggested mitigations are already active in LN implementations. Of course people fuck up. In any case, it’s definitely more private than non-coinjoined on-chain transactions.