The document describes the Message Layer Security (MLS) architecture, and includes a very thorough and comprehensive analysis of the security and privacy issues in section 7, including recommendations. Considering the length and the breadth, it is not surprising that I cannot find anything missing.

A few nits:

The document uses terms that are not defined within the document: 
* "MLSCiphertext" appears in section 7.1.1 without having been defined earlier. That's probably acceptable because it is defined in the protocol document which is a normative reference. Still, such terms are commonly redefined. 
* "Anonymous credentials" are mentioned without having been defined in either this document or in the protocol document. It *is* a term that is used occasionally, but AFAICT the only IETF document that defines it is RFC 4949, which is (a) not referenced here, and (b) defines it as a USG term, and (c) says that Internet drafts "SHOULD NOT use this term"

Section 7.2.3 defines "deniability" and then says that "MLS does not make any claims with regard to deniability". So why do we need that paragraph?

The document includes three instances of the adverb "extremely" and five of the adverb "very", all in section 7, and I don't think they are necessary. Better yet, some of them could be replaced with actual measures. For example, "MLS avoids needing to send the full list of recipients ... because that list is potentially extremely large in MLS." How large? 5? 1000? A billion?  In other cases, "...clients have the extremely important role of deleting appropriate keys..." just sounds like a new formulation of SHOULD. I don't think those adverbs are necessary. Interestingly, the protocol document has only one instance of "very" and it is expanded to a measure: "The use of variable-size integers for vector lengths allows vectors to grow very large, up to 2^30 bytes."