
I was reading the QuickConnect whitepaper and was overall pretty impressed. But on page 10 it explains how the Relay service works and it’s implied (but not explicitly stated) that packets are decrypted on the Relay Server. They go on to pinky swear they won’t snoop your traffic:

> While providing the promised services, QuickConnect makes no use of collected data from registered Synology NAS servers except in delivering such services. For more details, please visit the Privacy Terms on our official website.

As most of you probably are, I can be a little paranoid about security. My previous setup used a TCP proxy server which allowed for E2E encryption to work natively. That was however somewhat brittle and left a public port exposed. It also added latency. Hole Punching is really cool and does seem to create an encrypted tunnel E2E so that sounds perfect for my needs. A few questions:

  1. Is it correct that QuickConnect relay isn’t encrypted E2E?
  2. Can I modify QuickConnect to fall back to my own relay?
  3. Is my assumption correct that Hole Punching is safer than simply forwarding a public port?
  4. Will hole punching work when putting my Synology in my router’s DMZ?
  5. In which conditions will Hole Punching not work?
  6. Does QuickConnect use UDP or TCP Hole Punching?
Hilydrow

1 Answer

  1. It is correct that QuickConnect isn't end-to-end encrypted. It is encrypted from your device to Synology, and then decrypted and re-encrypted for the voyage from Synology to your NAS. That part is necessary (it's how TLS works), but Synology could choose to add an additional end-to-end encryption layer if they wanted (with more work and performance hits). But they haven't.
  2. To my knowledge you cannot modify QuickConnect to fall back to your own relay.
  3. Most likely hole punching is safer than forwarding a public port (which is a hole that is open all the time).
  4. Hole punching would work when putting your Synology in your router's DMZ, but would be unnecessary and would defeat the point of hole punching. The DMZ is exposed to the internet all the time.

I don't know the answer to 5 or 6.
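
The decrypt-and-re-encrypt behaviour described in point 1 of the answer, modelled as an added example (not code from the original post or from Synology). A stdlib HMAC-SHA256 encrypt-then-MAC construction stands in for each TLS session, and all function and key names are assumptions made for illustration; it shows what a terminating relay can read with and without an inner end-to-end layer.

```python
import hashlib, hmac, os

def _sub(key, label):
    # Separate encryption and MAC subkeys derived from one session key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a keystream (stand-in for a TLS cipher).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(data, _stream(_sub(key, b"enc"), nonce, len(data))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag, then decrypt; raises ValueError on a wrong key or tampering."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

def relay(blob, k_client_relay, k_relay_nas):
    """Terminate hop 1, re-encrypt for hop 2. Returns (forwarded blob, bytes the relay saw)."""
    seen = unseal(k_client_relay, blob)
    return seal(k_relay_nas, seen), seen

def send(payload, k_client_relay, k_relay_nas, k_e2e=None):
    """Client -> relay -> NAS. If k_e2e is set, wrap the payload in an inner layer
    keyed by a secret only the client and NAS hold. Returns (relay view, NAS view)."""
    inner = seal(k_e2e, payload) if k_e2e else payload
    forwarded, relay_view = relay(seal(k_client_relay, inner), k_client_relay, k_relay_nas)
    received = unseal(k_relay_nas, forwarded)
    return relay_view, (unseal(k_e2e, received) if k_e2e else received)

if __name__ == "__main__":
    k1, k2, k3 = os.urandom(32), os.urandom(32), os.urandom(32)
    msg = b"user=admin&otp=123456"  # constructed sample payload
    print("hop-by-hop, relay sees:", send(msg, k1, k2)[0])
    print("with inner layer, relay sees:", send(msg, k1, k2, k3)[0].hex())
```

With only the two hop keys the relay's view equals the plaintext; with the inner key it holds an authenticated ciphertext it can neither read nor alter without the NAS rejecting it.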