On 18/09/2024 15.02, Stephane Bortzmeyer wrote:
> It seems a bad idea to remove all the answers if there is even one RFC
> 1918 address in the set. (Unless maybe if it is signed.)

I'm not sure.  The design choice at that point was to avoid modifying any record sets and instead just "fail safely".  Though maybe the main reason was that it was simpler to implement in our case if it should include avoiding this case of referrals to local IPs.

Either way, those delegations do seem in disarray.  dig +trace also complains with lines like

;; BAD (HORIZONTAL) REFERRAL
;; communications error to 10.52.192.140#53: network unreachable
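
The two policies discussed in this thread, side by side, as an added example (not code from either poster or from any resolver): rejecting the whole address set when one RFC 1918 address is present, versus dropping only the private records. The function names and the second address (192.0.2.53, from the documentation range) are constructed for illustration; 10.52.192.140 is the address from the dig output above.

```python
import ipaddress

# The three RFC 1918 blocks. Python's ip.is_private is broader (it also
# covers documentation and other special-purpose ranges), so it is not used.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True only for IPv4 addresses inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def fail_safely(addresses):
    """Never modify the set: one private address rejects all of it.

    Returns None for a rejected set (the caller would report a failure),
    otherwise the unmodified list.
    """
    if any(is_rfc1918(a) for a in addresses):
        return None
    return list(addresses)


def strip_private(addresses):
    """Drop only the private records and keep the rest.

    Returns None when nothing usable is left.
    """
    kept = [a for a in addresses if not is_rfc1918(a)]
    return kept or None


if __name__ == "__main__":
    # Constructed address set for one name server: one private, one public.
    glue = ["10.52.192.140", "192.0.2.53"]
    print("fail_safely  :", fail_safely(glue))    # whole set rejected
    print("strip_private:", strip_private(glue))  # public address survives
```

With a mixed set the first policy leaves the resolver no address at all to try, while the second returns a set that differs from what the zone published.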