So would you say then that it’s perfectly safe to send plaintext traffic between services over Defguard instead of also using mTLS?

I still wish that Defguard had an option where peers only used the public gateway to retrieve their p2p ACLs from the control plane but otherwise traffic flowed directly.