Are there privacy risks associated with a peer serving its mempool to others?
Yes. There are ways to mitigate those risks too. The main privacy risk is related to learning about propagation, so providing only old txs that multiple peers have tried to give you would probably be a good mitigation. You could also have nodes opt into mempool downloads, so only a subset would provide this service. Plenty of other mitigations too.
Main thing is now that having a missing mempool is so expensive, it's arguably worth putting in the engineering effort to improve this. Previously that was a harder argument to make.
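The two mitigations named in the answer above (serve only old transactions that multiple peers have announced, and make serving opt-in) can be sketched as a filter. This is an added example, not part of the original answer or of any node implementation; the thresholds, class name, and method names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

MIN_AGE_SECONDS = 600  # assumed threshold, not from the page
MIN_ANNOUNCERS = 3     # assumed threshold, not from the page

@dataclass
class TxRecord:
    first_seen: float
    announcers: set = field(default_factory=set)

class MempoolShare:
    """Tracks who announced each tx and decides which txids may be served."""

    def __init__(self, opted_in: bool):
        self.opted_in = opted_in  # only opted-in nodes serve their mempool
        self.records = {}         # txid -> TxRecord

    def on_announce(self, txid: str, peer: str, now: float) -> None:
        rec = self.records.setdefault(txid, TxRecord(first_seen=now))
        rec.announcers.add(peer)

    def on_local_submit(self, txid: str, now: float) -> None:
        # Locally originated tx: no peer has announced it to us.
        self.records.setdefault(txid, TxRecord(first_seen=now))

    def servable(self, now: float) -> list:
        if not self.opted_in:
            return []
        out = []
        for txid, rec in self.records.items():
            old_enough = now - rec.first_seen >= MIN_AGE_SECONDS
            widely_seen = len(rec.announcers) >= MIN_ANNOUNCERS
            # Fresh or narrowly announced txs reveal propagation, so hold them back.
            if old_enough and widely_seen:
                out.append(txid)
        return sorted(out)

def demo(opted_in: bool = True) -> list:
    # Constructed sample data: txids and peer names are made up.
    node = MempoolShare(opted_in)
    for peer in ("p1", "p2", "p3"):
        node.on_announce("aa", peer, now=0)    # old, three announcers
    node.on_announce("bb", "p1", now=0)        # old, one announcer
    node.on_local_submit("cc", now=0)          # old, originated here
    for peer in ("p1", "p2", "p3"):
        node.on_announce("dd", peer, now=700)  # three announcers, still fresh
    return node.servable(now=900)
```
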