Sorry this is a genuine question; I'm not answering it.
I'm wondering if it's an attack vector for a wallet that has access to your x/y/zpub to "mine" addresses similar enough to yours that you wouldn't notice.
The attack might work like this: The wallet works fine for months. But in the background, the adversary is mining receive addresses that share, let's say, the first ten and last ten characters (out of I think 38 distinct characters in a segwit address). I think this is more than most people check (I hear often "I look at the last few"). It then gives you a malicious receive address and collects on it. It fakes your "balance" in the wallet so you think you have it.
Alternatively it could wait until it detects you are consolidating, and above a certain threshold, then it does the address swap.
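An added example, not part of the original post: a defender-side check that compares the address a wallet displays against addresses derived independently from the same xpub (for instance on a signing device), accepts only a full-string match, and flags anything that merely shares its ends. The sample addresses, function names and the `warn_at` threshold are constructed for illustration, and the bit estimate assumes every character after the fixed `bc1q` is uniformly distributed.

```python
FIXED = "bc1q"       # HRP + separator + witness v0: identical on every mainnet P2WPKH address
BITS_PER_CHAR = 5    # bech32 carries 5 bits per character

# Constructed sample strings (bech32 alphabet, checksums NOT valid), for illustration only.
OWN = "bc1q" + "7k2m9xq4tz" + "e5w3h8ralcvdg6ysjn" + "p0fu4x7m2q"
LOOKALIKE = "bc1q" + "7k2m9xq4tz" + "n3j5sy6gdvclar8h3w" + "p0fu4x7m2q"
OTHER = "bc1q" + "a" * 38

def shared_ends(a, b):
    """Return (prefix_len, suffix_len) of matching characters after the fixed 'bc1q'."""
    a, b = a.lower()[len(FIXED):], b.lower()[len(FIXED):]
    n = min(len(a), len(b))
    pre = next((i for i in range(n) if a[i] != b[i]), n)
    suf = next((i for i in range(n - pre) if a[-1 - i] != b[-1 - i]), n - pre)
    return pre, suf

def grinding_bits(prefix_chars, suffix_chars):
    """Approximate log2 of the candidates needed to match that many free characters."""
    return BITS_PER_CHAR * (prefix_chars + suffix_chars)

def classify(shown, own_addresses, warn_at=4):
    """Return (verdict, closest_own_address, matched_bits).

    'match' requires full-string equality with an independently derived address.
    'lookalike' means the ends agree with one of them but the middle does not.
    """
    shown = shown.strip().lower()
    if not shown.startswith(FIXED):
        return ("unknown", None, None)
    best = None
    for own in own_addresses:
        own = own.strip().lower()
        if shown == own:
            return ("match", own, None)
        pre, suf = shared_ends(shown, own)
        if pre + suf >= warn_at and (best is None or pre + suf > best[1] + best[2]):
            best = (own, pre, suf)
    if best:
        return ("lookalike", best[0], grinding_bits(best[1], best[2]))
    return ("unknown", None, None)

if __name__ == "__main__":
    for addr in (OWN, LOOKALIKE, OTHER):
        print(addr, classify(addr, [OWN]))
```

Under that uniformity assumption, each checked character after `bc1q` adds about 5 bits, so checking only the last four characters leaves roughly 20 bits of protection, while ten at each end corresponds to roughly 100.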