MLS is certainly not a panacea and it doesn't have any opinions on the transport protocol. This is what I've spent a lot of time trying to come up with.
Yes, you're right, if you use just the MLS encryption aspect of the spec, you're leaving too much available to the relay and that could potentially lead to timing or triangulation/association attacks. Clients that implement MLS based messaging and care about privacy will need to use Tor (or VPNs or proxy relays at a minimum).
I'm implementing all this now and finding lots of little details that have to be managed by the client to do this correctly. Things like rotating your key material as soon as you're added to a group (for PCS), rotating group IDs, potentially using multiple group IDs concurrently, securely storing conversation data on the client, etc.
The reality, I believe, is that these are going to be pretty specialized clients. I'll have library code at the end of this that will make it easier but it's always going to be a significant lift to have strong privacy guarantees.