Yes, that's true for a shared domain, yes.
The TXT record points out directly to the final user. True.

On the other hand, DNS architecture allows the user to hide behind a DNS recursive server (from the ISP, institution, DoH providers, etc), whereas it's easier to leak your final IP to the HTTPS server (if you don't user a webproxy).

Different privacy compromises, I guess.