Well yeah, it is important to be aware of all the different ways you can leak information. Running your own node to avoid a malicious SPV server solves that problem, but you can still leak information from transaction heuristics, blockchain analysis,  interacting with centralized services,  completing KYC or handing out shipping addresses, and so on.

Just as running your own node does nothing to protect your privacy from using mixed coins and unmixed coins together as inputs in the same transaction, making untraceable purchases does nothing to protect your privacy from a malicious SPV server.