So it's trivially identifiable whose outputs are whose based on the observed offers?
I have been wondering that too.
Coinjoin itself protects transactions on blockchain only. However it requires someone to log all transactions 24 hours / day.
It is one improvement which should be done some day. The offers should be encrypted, so only the participants can decrypt all inputs. Then it would reveal only one address, and that might be generated to be used only once, maybe with 0 output. Other possibility would be to share the offers throught encrypted channel.
Any other ideas to improve it?