Disabling notification preview in the operating system settings doesn't prevent the issue, they're still saved in the database.
The only way they're not saved is to disable name/content in signal itself.
Maybe you're not as capable of elementary logical inference as you thought?
Disabling may be not sufficient (which is pretty insidious), but I still posit that enabling message preview is guaranteed secrecy loss.
But indeed, the idea that disabled notifications are still stored, and not directed to /dev/null immediately, cannot be inferred from just observing the behavior of the phone UI.