The main reason is that there is a massive difference in the quality of clients, and in what XEPs they support. Many actions are not E2EE, and it really depends on what client you’d be using.
The protocol itself was never really designed for privacy, and a lot of those features have been shoehorned in afterwards: https://web.archive.org/web/20211215132539/https://infosec-handbook.eu/articles/xmpp-aitm/
This was our previous reasoning: