I mean he's not wrong, but also not really the same thing. Gboard does send a substantial amount of data about the things you typed to google. It is supposedly anonymous, but they do this to get anylitics, and they use this data to improve the suggestions given to you.
There has been at least one article where someone intercepted the data leaving from Gboard and found it's either unencrypted or just hashed into something like base64. This was a while back so things hopefully changed.
While google does try not to phone home users passwords, how can you tell what is and isent private?
He likely wasn't responsible for shortening it, Washington post did it automatically when sharing the article. Everything does this nowadays Google maps adds trackers to the url when sharing as well. I agree it's annoying but not many good ways around it.