I don’t see many issues with privacy or security with a service like this.
They don’t get traffic going through them. They mainly exist to point to an IP. With enough data they have information on how an ISP rotates IPs and who they’ve gone to.
In your case, with a WireGuard VPS, all traffic goes through the server. That’s a very different setup.
In their case, a request goes to them at a regular interval and they update the IP the DNS record points to. That’s it.
When someone requests the domain, they simply respond with an IP. At most, if there’s little caching, they could get frequency of usage.
My biggest concern would be someone scanning CT logs to find hosts with hobbyist-grade security. That’s not meant to insult hobbyists, but they might be a juicy target for immediate exploitation after a zero day hits. To be clear, it’s the same for any well-known DynDNS domain.
Besides that, I looked at every DynDNS system I could find back in the summer. There were only 3 that I was happy with: Hurricane Electric, Google Domains, and a pair of self-hosted BIND servers.
If you want the best, simple solution, and it doesn’t need to be completely free, register a domain with Google Domains. If anyone knows of limitations, let me know.
I prefer to use Cloudflare for my DNS, including dynamic DNS. I happen to have my domains registered through them, but it is not a requirement to use their free tier.
There's no routing of the actual traffic, only basic DNS forwarding. Of course it's not meant for business production services, but it's decent for homelab. Especially considering how long DuckDNS has been operating.
I ended up going for my own VPS with a WireGuard server for my home server to connect to.