Privacy Concerns: Vanity addresses, by their nature, can reveal a portion of the private key during the generation process.
No they don't. If you generate them yourself, they are completely private. If you use the split-key method, the other party knows one part of the process but that is irrelevant and does not decrease the security at all. It would only be a security risk if someone else generates your entire private key for you, and you should never use such a key or such a serviceOn computer (CPU), for just 3 characters for uncompressed legacy address, it will take only few minutes like three minutes
Your benchmarks are off. For a legacy 3 letter prefix, I can find ~1,500 in 1 second. 
while 5 words for segwit will take just some minutes too.
Again, I just did ~200 in 1 second.