For that scenario you 1) download the code, 2) verify yourself what is inside and then 3) compile. (optional 4) Subsequent versions check on the delta of changes.
There is a cost to your time/effort in performing this type of action that is proportional to the criticality of your context and the level of trust you place on the providers.
To deploy it I think you mean on a vps. Now all your searches by Searx will be routed to other engines with the IP of your vps. So unless you deploy it with something like gluten to provide VPN access for searx. You will let those engines build profile about you. If you use the public instances so that more people are using it you don't know if they are running the unmodified source code.
Id you go with the route of VPN with sear then you probably use VPN with search engines like DDG directly. And don't save cookies on the browser.
You display enough technical pro-efficiency on the topic but then you try to compare as equivalent the usage of SearX or DDG, ignoring that only one of them has the source code available for review. If you are affiliated to DDG, please disclose openly.
If you honestly are _THAT_ worried about IP tracking on the server level, then you would run SearX inside your local machine with Tor or any VPN of your choice. Simple.
For that scenario you 1) download the code, 2) verify yourself what is inside and then 3) compile. (optional 4) Subsequent versions check on the delta of changes.
There is a cost to your time/effort in performing this type of action that is proportional to the criticality of your context and the level of trust you place on the providers.
TLDR: The less you trust, the more you verify