The W3C model has a few challenges for privacy-preserving applications that are not immediately visible to protocol builders.
- Holder binding - there is no easy way to prove or guarantee that the VCs inside a VP that the holder presents belong to that holder. The holder section of a VC is optional, and the VC data model is not an authorization framework. Exciting work is happening right now to improve this situation in the VC model: https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/advance-readings/verifiable-credentials-holder-binding.md. Lesson for protocol builders: think about binding and proof mechanisms at the protocol level. AnonCreds solves this via linked secrets (ZKP-friendly blind signatures).
- Holder correlation or, let's say, DID correlation. Another side effect of the VC model is that it is a natural privacy killer. As long as you are forced to share your DID to verify a signature, we could track and correlate a DID with holder-to-verifier activity. One recommendation is to use pairwise DIDs and use different DIDs for transactions, but a side effect of this approach is an abnormal number of DIDs and private keys to manage.
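
The correlation problem and the pairwise-DID recommendation from the second bullet, as an added example that is not code from the original page: verifiers pool their logs and join them on the presented DID. The `did:example:` identifiers, holder secrets, verifier names and the HMAC derivation (which keeps storage down to one secret per holder) are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample data: holder master secrets and verifier names.
HOLDERS = {"alice": b"alice-master-secret", "bob": b"bob-master-secret"}
VERIFIERS = ["bank", "clinic", "shop"]


def derive_did(master_secret: bytes, context: str) -> str:
    """Derive a stable identifier for one context from a single secret.

    Hypothetical scheme: a real wallet would use this output to seed a key
    pair and publish the DID of that key, not the HMAC itself.
    """
    tag = hmac.new(master_secret, b"did-context:" + context.encode(),
                   hashlib.sha256).hexdigest()
    return "did:example:" + tag[:32]


def presentation_logs(holders, verifiers, pairwise):
    """Return {verifier: [DID seen in each presentation]} for every holder."""
    logs = defaultdict(list)
    for secret in holders.values():
        for verifier in verifiers:
            # Pairwise: one DID per verifier. Otherwise: one DID everywhere.
            context = verifier if pairwise else "public"
            logs[verifier].append(derive_did(secret, context))
    return dict(logs)


def correlate(logs):
    """Join pooled verifier logs on the DID; keep DIDs seen at 2+ verifiers."""
    seen = defaultdict(set)
    for verifier, dids in logs.items():
        for did in dids:
            seen[did].add(verifier)
    return {did: sorted(vs) for did, vs in seen.items() if len(vs) > 1}


if __name__ == "__main__":
    for pairwise in (False, True):
        logs = presentation_logs(HOLDERS, VERIFIERS, pairwise)
        distinct = {d for dids in logs.values() for d in dids}
        print("pairwise" if pairwise else "single DID",
              "| DIDs in use:", len(distinct),
              "| linkable across verifiers:", len(correlate(logs)))
```

With one DID per holder, both holders are linkable across all three verifiers; with pairwise DIDs nothing joins, but the number of identifiers grows to holders times verifiers.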