Agreed. My only thing is that IPC is an integral part of Android, so it's hard for GrapheneOS devs to lock it down without breaking basic Android app functionality.
I guess the biggest thing to say is GrapheneOS does a great job of increasing privacy and security, but it can't do so 100%. The only way to achieve 100% privacy and security is to never use your phone.
Stock Android will spy on you for sure. GrapheneOS will block 90% of the spying (I'm making up numbers as an example). You're much safer with GOS, but tech can only protect users as much as the tech allows.
As long as you're using a computer or a phone, there's no such thing as 100% protection. You could have a profile without Google Play stuff installed, but an app can have Google libraries embedded in it. That app will send data to Google.
IPC is likely to be the least of your worries. IPC requires mutually permissible communication. In practice, that means only Google apps will talk to Google apps. If you need Google Play Services installed, just avoid Google apps. If you can't avoid Google apps, don't give them permission to do anything.
Personally, I have many Google apps installed on my personal secondary profile. Google apps have access to the internet. That's it. No files, no photos, no media, no SMS, no physical activity...
Lock down all apps so they only have access to what they need. Never give apps access to your data. Storage Scopes is one of the best features of GrapheneOS. If a Google app has nothing to access, they have nothing to share via IPC.