True. It depends on the particular case. That's why I don't say one or the other. Both mechanisms are useful in specific scenarios.

Devil is in details, but more or less RBF means similar privacy loss as 1 input, 1 output CPFP. Basically you give more hints to the world in a different ways which output was for recipient and which was change.

kristapsk

However, CPFP leads to involving other unrelated utxo(s) which can mean an unwanted/unexpected deanonymization. With RBF, you can just use the already exposed change output for paying higher fee.