What I'm telling you is that the same broad categories of issues you mention (i.e. "There could be a flaw") are exactly applicable to off-chain methods as well as on-chain methods. None of these have been "proven secure" and likely never will. For example, are you aware that most of the basic cryptography primitives that underlie Bitcoin or other systems have not been "proven secure." They are used because they have been analyzed to death and no fatal flaws have yet been found. That's how these things work.

Specifically on the question of off-chain anon, mixers and relays can be compromised or impersonated or sybil attacked, or subjected to timing-based attack and post-mixing, transactions can be unmixed by various forms of analysis. These are all known and demonstrated problems, plus there might well be other ones. Chain or no chain there are attack vectors and potential attack vectors. You're confused if you think one has been shown to be "more secure" (whatever that means) than the other at this juncture.

But hey, feel free to support your favorite projects, BTCD or whatever. Nothing wrong with that.