It doesn't break the privacy of MLS at all. All messages that are sent to relays are done so under ephemeral identities. All REQs that clients do to relays are for arbitrary group IDs that can (and must) change over time; or, in the case of welcome messages, they're REQing for NIP-17 style DMs. The creator of the group also sets the relays that the group will use for these messages so ideally, clients will only allow users to select relays that support privacy features like the "-" tag to stop event rebroadcasting, etc.