Homeservers don't solve this by any measure. If you run your own homeserver, you might have more assurance, but if you don't then you are still just trusting that the operator actually deleted your data and didn't keep a copy.
If the data on that homeserver can be read by others, then you have no way of knowing whether any of them made a copy that could be republished elsewhere.