I don’t think we understand very well the threat model here. Are we talking about having a Mozilla account or the web engine itself. If you have an account they will probably start doing mining shit with it. What about activists researching certain topics then? The content browsed can be visible to Mozilla if they use their account for syncing bookmarks. That should be a dealbreaker right there. No different than Meta user-profiling the fuck out of your engagement behaviors. Now if this is NOT the case and you haven’t a Mozilla account, I assume that the version of the web engine available back at the time of the fork is exactly the same. So far so good.
The problem is that browsers are hard, and there is a ton of web protocols to be implemented, various fixes for security, support extensions and other QOL features. WORD ON THE STREET is that tasks like these cannot be undertaken as solo/hobby projects, that funding and an organization structure is essential. The teams behind LibreWolf, Waterfox, etc have a track record of already lagging behind Firefox’s version updates. Same goes with user-profile and configuration sets like Arkenfox (if I am not wrong). You may tweak the conf all you want, but if privacy and anonymity is compromised at the web engine level, these forks will be left with little to do about it. Then the only option will be to keep using an old version of the web engine (sacrificing security and quality of life extensions), or ditching the gecko web engine altogether.
That is why people are looking for genuine alternatives to the web engine.
Note just to be sure, Mull is a different thing than Mullvad. What you wrote makes sense for Mullvad, but I am not so sure if this is the case with Mull, the mobile app.