The service is intentionally narrow. Destinations/config are stored encrypted, submissions are treated as pass-through, there is no persistent message storage at all. The idea is to reduce both retained data and attack surface as much as possible.
On reliability: yes, this is still a third-party dependency in the submission path. So if someone wants absolute control or is dealing with very sensitive data, I’d still say a self-built endpoint is the better choice.
This is really meant for the middle ground: people who want spam protection + delivery handling without maintaining the whole thing themselves.