pull down to refresh

I see 3 elements here:
  1. The code for the contract (open source code)
  2. The chain implementing and executing transactions with the contract (eth chain and eth miners including transactions that interacted with the mixer)
  3. The URL and corresponding hosting that provides an endpoint to a UI for the contract (the now closed site https://tornado.cash/)
If the accused people did not have anything to do with point 3, then it is unjustified. If OTOH they were actually running the service URL, that would be more complicated. IMHO.
That is why centralized services have risk.
I do not know how Wasabi and Whirlpool services work. If they are only a feature of a p2p application (like Bisq) then the risk will be very low, but if their services have some kind of central coordinator or something, then they are also at risk.