In the case of single key FHE with server-side processing (the demo setup), the server can never gains any insight, even as an active adversary that can arbitrarily deviate from the protocol because it only has access to public evaluation keys and ciphertexts. The worst it can do is return tempered output to the client, but it doesn't help it learning anything about the client request.