They are MitM-ing everything with server-side support. If you're already using Apple stuff I don't think it's any more invasive than what you already get, but I'm guessing GP says that because there's really no need for a server in the middle for most of what gets done. It just lets things run a little more seamlessly without requiring you to be on the same network all the time (or setup something like Tailscale or another VPN). Also the sweet sweet analytics (for Apple).
Presumably AirDrop, iCloud KeyChain and Apple Push Notification Service? I don’t find any of them particularly invasive, but I guess some might not like the device id/auth/centralisation aspects