The visibility of the IP address is what I am testing right now. We can always make it go through an internal Tor implementation, which I am also testing right now. But Tor won't work for voice and video calls later. But I think that use case is less sensitive of IP leakage since the user approves the call when receiving it. 

Lots to do yet.