You are probably confusing registry and registrar.
Can the registrar steal a domain ? Well, technically they can.
I have seen at least one registrar quietly repossessing valuable (expired) domains. No auctions, the domain just vanishes to their portfolio
And then gets sold later
While some would call that theft, technically their TOS probably allow them to take possession of abandoned domains. Anyway.
Whether you use the whois privacy service provided by the registrar, or a third party service, there are implications indeed. You are basically listing them as owner in the whois record.
In case of a dispute (eg spam complaint), the registrar could cancel the domain, and close your account, regardless of whether there is whois privacy on. A third party service will not have direct access to your registrar account but may terminate the service to you and lift the whois privacy (then you quickly fix that).
But rather than use privacy, I would incorporate and list the corporation as owner. As you may know, whois data tends to be archived by a number of sites and even indexed in Google, not to mention Icann-mandated data escrow services (ie Iron Mountain). Not using whois privacy leaves an ownership trail.
That being said, I am certain that some registrars are more trustworthy than others. Do research