The blog says more about keeping the user data private. The remote models in the context are operating blind. I am not sure why you are nitpicking, almost nobody reading the blog would take remote code execution in that context.

The MCP aspect (for code/tool execution) is completely orthogonal to the issue of data privacy.

If you put a remote LLM in the chain than it is 100% going to inadvertently send user data up to them at some point.

e.g. if I attach a PDF to my context that contains private data, it WILL be sent to the LLM. I have no idea what "operating blind" means in this context. Connecting to a remote LLM means your outgoing requests are tied to a specific authenticated API key.