At a certain point it comes down to trust. "They" are the provider of the browser and the OS, they could be capturing every website requested, every image seen, every keystroke and tap and sending it back to their servers if they wanted to. It possible this is all a smokescreen and will somehow cheat and see the raw request but there are easier ways for them to do that.
I am assuming when they setup the QUIC connection they provide the client the public key of the egress server which the client would use to encrypt the request. So even though they control the pipe they can't possibly read the contents. It's the same basic tech that makes it possible for you to communicate safely with a website without everyone in the middle reading the contents. (Above massively simplified of course)
SamHendley
Users receive reputation points by contributing quality content to the forums.
Posts include post and replies published on the forums.
Post authors can mark replies as Accepted to indicate successful solutions.
Apple Developer Forums admins can mark replies as Apple Recommended to indicate an approved solution
From
United States