DoH in itself is not sneaky, no more than ping is.
The push to centralise DNS resolution in the hands of a few questionable actors is, and this is what is happening.
Cloudflare for example would absolutely love to know what you're up to all day; and because they can now correlate data from their "omnipresent" WAF with the data from 1.1.1.1 they could get some interesting information... And believe you me, they're not sending it to /dev/null.
I'm all for assuming the people who work there are good eggs with the best intentions, but Cloudflare, Inc. is a U.S. company. As I understand the U.S. legal landscape with regard to data and privacy protection, they could be forced to lie at a moment's notice and not talk about it.
So far as I know there is no legal way for the US to make a company lie about its activities. That is the basis of warrant canaries, which have not been tested in court yet. You can find Cloudflare's at https://www.cloudflare.com/transparency/.
They could be forced to not talk about something via a gag order.
I'm not claiming they're lying or doing anything internally that is different. There is just nothing stopping the change from happening, now that the possibility exists.