No personally identifiable information or private account information is transmitted between instances. The only thing that is synced is the content of your posts, reports and up- and downvotes. And all of that serves a purpose and is shared willingly.
But as soon as you interact with literally anyone (or anyone interacts with you) your data is still replicated on other servers.
Your posts are all public and discoverable by web crawlers even if your instance didn’t federate at all. That’s kind of the point of activityPUB
How about private messages which are also unencrypted?
No personally identifiable information or private account information is transmitted between instances. The only thing that is synced is the content of your posts, reports and up- and downvotes. And all of that serves a purpose and is shared willingly.
And the content of private messages.