To clarify, one of the big advantages of a Mesh VPN is that the traffic does not flow through the VPN provider at all. WireGuard encrypts the traffic from device interface to device interface. The connections are point-to-point and not hub-and-spoke. This is both faster and more secure.

If a direct connection cannot be established due to a very restrictive firewall or a messed-up ISP modem, it will fall back to a relay server. But in that case, the relay relays the traffic, but it does not have the keys to read it.

You can learn more here: https://www.wireguard.com/

TL;DR WireGuard itself is a relatively small project at roughly 4,000 lines of code. It has been thoroughly audited and is even built into the Linux kernel.