I think you're missing something here. Suppose the coordinator isn't trying to attack. What if Coinfirm does? According to Wasabi's source code, every non-private input must be authorized by Coinfirm. What if they someday decide to blacklist arbitrarily more than usual, to have their analysis ahead? They're a chain analysis company in the end. Their incentive is to de-anonymize the transactions, how can you trust them with a software that supposedly does the opposite?
You have a point. What if they allow only "illegal" UTXO to participate in a CoinJoin transaction? All outputs of such a transaction can also be assumed to be associated with illegal activity and can be further tracked by Coinfirm. Potentially, Wasabi Wallet CoinJoin can act as a honeypot for criminals because it consolidates all inputs and outputs into clusters convenient for chain surveillance.