I very much agree with most points you're making. I'd however like to place a footnote here;
If you want to just send coins to a mixer site, cross your fingers, and hope that its not a honeypot logging the links between inputs and outputs, then I suggest that you click the links in my signature and try Chipmixer. Chipmixer is convenient, and it unlinks your transactions on the public blockchain. Javascript is not required.
If you want trustless privacy, that is a complicated subject beyond the scope of this topic. The best I can say here is that as Lightning grows, it will render all these questions obsolete for most use cases: Blockchain spies cant trace transactions that never touch the blockchain!
This is still a scenario which one -- who takes his privacy *extremely serious* -- should consider. We have yet to see any proof Chipmixer isn't a honeypot per se either (Though- it'd be pretty much impossible to prove or disprove anyway-). While I might believe that Chipmixer is acting in good faith- it'd be weird for me to tell others they actually are, without any immutable proof.
Therefore, if one is using Chipmixer for anything other than unlinking their inputs for the commonalty and some improved privacy, i'd highly suggest he thinks twice about such a scenario.