The MCP aspect (for code/tool execution) is completely orthogonal to the issue of data privacy.

If you put a remote LLM in the chain than it is 100% going to inadvertently send user data up to them at some point.

e.g. if I attach a PDF to my context that contains private data, it WILL be sent to the LLM. I have no idea what "operating blind" means in this context. Connecting to a remote LLM means your outgoing requests are tied to a specific authenticated API key.