Suggestion: Document whether or not relayers could act maliciously by recording all "notes" they process

[PaperHandedPuppy]

I'm mainly asking for myself, but after searching the documentation I found no mention of this. Since you have to submit your "note" to a relayer in order for them to process it, wouldn't relayers be able to behave maliciously by recording all "notes" they process? Similar to a tor exit node recording all it's traffic, except in this case the relayer knows the source address as well!

Or am I mistaken on how the whole relayer process works? Is crypto magic used to hide the source address and the relayer can only see the destination address? I recommend documenting what's going on, and/or just answering my question here please :).

Do any 3rd parties (including tornado.cash webservers) see your "note" when a relayer is used, or is JS crytpo magic used to prevent that? Aside: It seems to me the compliance tool should only ever be run locally.