That's too much confidence you are having in CM.
I justify it. They've been running the most trustworthy Bitcoin mixer since 2017, with no exit scams, no coins sweeped without the user's consent, best customer support, and by doing exactly what they've been saying in their FAQ. Why should I change my stance when I know absolutely nothing about that data, other than it included private keys (which were never supposed to be deleted in the first place)?
What happened to "Don't trust, verify." ?
It might have been taken less seriously, I agree. This incident points out for once more the importance of self-custody. But, nevertheless, some businesses need to gain your trust to operate.