Yes, open federation is terrible for privacy for all the reasons you listed and more. That’s exactly the point here.

If you only share data with trusted parties, that you know will delete comments and data when requested and have the same standards vetting federating parties you do, you can have federation and privacy friendly networking. It’s also the only way to be GDPR compliant when running a Fediverse server as a business.

The protocol is entirely irrelevant here. ActivityPub merely standardised sharing information. The same problems also exist with Matrix, IRC, SMTP, or plain old “sending data over HTTP and storing it in a database”.

Also, Lemmy decidedly doesn’t accept deletes as you may expect it to. Deletes don’t always propagate (probably a bug) and delete requests will leave traces on a whole bunch of servers. It’s not intentional, but don’t expect deletions to work on Lemmy.

Furthermore, deletions don’t actually delete any data, instance moderators can click a button and restore a post even if you hit delete on it!