wallet – understand signrawtransactionwithwallet and the transaction signing process

I would like to understand all the advantages of Descriptor wallet.

I understand that the wallet protects users by not exposing their private keys. But when I use bitcoin-cli listdescriptors true, xprv (enhanced) can be identified, allowing the generation of a full tree of private keys. Isn’t this more dangerous?

The next problem that the explainer tries to solve is that of xpubs rather than unenhanced private keys.

How does the wallet currently sign transactions? I know the command signrawtransactionwithwallet, but what happens in the background? Is the derivation calculated each time to obtain the private key and sign the transaction?