Leaked to whom though? That's what I don't get. No human is involved in the process and your information is in the hands of the same company as before.
That's a lot of trust in a black box coded by humans. What's going on under the hood with their Smart Compose? Smart Reply? Smart Labels? It all requires processing very very personal information, and you simply can't vet whether it's all handled securely.
Sure, you're trusting their code is bug free. That's just (lack of) faith on your end. The fact that you decide not to trust their competence certainly does not logically imply that they are invading your privacy. It just means you need to trust their competence or take your business to some company you deem more competent. (Though exactly which company would be more competent in infosec is quite the question, but I digress.)
No, it's a lot more than just trusting that their code is bug-free. It's trusting that they're actually only doing what they claim to be doing with your data.
The only solution is to have the code open sourced with reproducible builds and a checksum to verify it against. Pretty much every GApp has a free, libre, open-source alternative that respects your privacy in this way.
Even that: if you lack trust on your part, that does not imply what someone else is doing is an invasion of your privacy. If you claim someone is invading your privacy, that is an accusation... a serious one at that. To support it you need to actually describe how that is happening, not merely how you have problems trusting people who deal with your information. I don't see how this is not obvious.