Yes you are trusting that service to not steal your Bitcoin or keep logs of your information. With Bob Wallet you never trust anyone with your Bitcoin and your private wallet addresses can not be associated with their public wallet addresses.
From their FAQ page:
Do you know withdrawn private key?
Sadly, yes, we have created them and as long as two people knows private key, either of them can move funds
How long do you keep logs?
Your session lasts for 7 days.
1. I don't understand why we need to send our bitcoin to Public Wallet in your wallet, can't we simply give info such as UXTO/input(s) and output(s), then you give the unsigned transaction, we sign it with our private key then give the signed transaction to the server? Is it because "Chaum's Blind Signatures"?
We are going for the easiest user experience possible and making one transaction to your Public Wallet is the most straightforward. You can use your Mnemonic seed from a previous wallet if you don't want to make that extra transaction but it's more complicated.
2. README.md in GitHub page mention that "Not even the server can figure out which Private Wallet address is yours.", Is it also possible because "Chaum's Blind Signatures"?
Yes. You can read about how that works here:
https://github.com/BobWallet/BobWallet/blob/master/docs/blindlink.md3. Are there any fees for using this service, since other CoinJoin/similar services charge some fee?
There are no fees to anyone other than the standard Bitcoin miner fees for every transaction round you participate in.