The custodial-web wallet shape adds a wallet operator to the threat model. This is documented in §15.12 of the peer-attestation protocol specification. In short:
You are choosing to trust this wallet operator to hold your credentials and signing key.
The operator can, in principle, see every presentation it signs and could be compelled to log them. The published logging policy commits to not logging them.
If the operator is breached, every credential and key it holds is at risk. Recovery is operator-level: you re-issue credentials at a different operator under a new key.
Authentication events are themselves a partial activity record. Even with the no-content-logging commitment, the operator necessarily sees when you authenticated.
Custodial-web is not the right default for users in high-risk contexts. See the high-risk-context guidance.