If there is a possibility that all (or almost all) transactions could potentially have their privacy reversed then it will be as you said most concerning from a user perspective. We do not know whether the Chipmixer retained user data while claiming anonymity but the details will be known as and when the law enforcement agencies release it.
I believe that transaction data is not of the hugest importance as this can all be seen on-chain already. What is most concerning from a user perspective is what resides in the database for sessions, which I assume would include the deposit information, the chips or vouchers relating to that session, timestamps and the usage information. All of which would reverse all privacy that the user assumed they were gaining when they used the service.