edit: old
This does not sound right to me. I don’t think Kagi’s Privacy Pass implementation connects you to any of your existing account preferences after authenticating, that would defeat the purpose. I don’t understand why merely acquiring tokens with an “underlying user-identifying credential” affects the privacy properties of these tokens in any way.
Your IP address when you search being the same as your IP address when you purchase is unavoidable without taking steps to anonymize it, yes, but I don’t see how your Kagi searches could be linked to your account if you use Tor and Privacy Passes in this setup.
Or are we saying the same thing and I’m misunderstanding? lol
Oh, never mind, I see what you’re saying now that I have downloaded the extension myself 
Since the extension requires you to be signed in to the browser in order to obtain the tokens, it makes using it privately a lot tricker. If these tokens were portable (can purchase with an account on one device/browser and add it to another device/browser where I’ve never signed in with Kagi) that could also be more useful I’d imagine.
Ultimately I do still think this implementation even in its current form does allow you to use Kagi completely privately if you want, but only if you are extremely careful with your opsec which most people probably will not be.
I don’t really understand why this browser extension doesn’t just let you authenticate within the extension itself, without needing to have been authenticated and have session cookies stored on kagi.com in the browser. That would also help with this issue, but maybe such sandboxing between the extension and the website in-browser isn’t possible(?)