Leaks can happen at any point in the chain. In addition to leak at the service provider itself, for example email servers and the corporate registers themselves can be compromised/breached. But that doesn't make the question any less valid.
Some service providers them are familiar with PGP for encrypting emails, Signal for secure messaging, and most use some sort of encrypted data storage system, but that only protects (to some extent) against malicious actors. It's the rogue employees and corrupt/incompetent officials that are the biggest risk and most common source for leaks.
To an extent, it depends on the nature of the services they provide to you.
If it's advisory only, then you can avoid having your own name disclosed by going through an intermediary such as a lawyer.
But if the service provider is setting up a structure for you, then for the purposes of UBO disclosure, the ultimate service provider still have to know the client's identity. Declaring your attorney as UBO is not only false and illegal, but also dangerous in that your attorney can then take all your assets and you have no recourse.