Even if you didn’t want your public notes to go through apns, it’s not likely you could ever prevent that. Once it’s on a public relay somewhere it’s likely it will get mirrored to apns at one point.
The point is that nothing going through a push server should be unencrypted.