Obviously the remote code could send the data to whatever three-letter agency the operator wants, so the remote operator needs to publish the server's code. But how do you prove that the remote operator is running the code they claim they are?
That's what SGX does: it lets remote systems provide a cryptographic proof that they are running certain code. Including the ability to have a private key protected by the SGX, so you can public key encrypt your data, send it to the remote server, and know that only the code they've already published is processing your data.
But presumably, now that the SGX root key is published, anyone can still do all of the above, but in a simulated machine rather than on legit Intel hardware, which means they see everything that SGX is supposed to hide from them.
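An added example, not part of the original comment and not Intel's protocol: a simplified model of the client-side checks the comment describes, showing that a quote is only trusted if it is signed by the attestation key, reports the measurement of the published code, and binds the enclave's public key. The toy RSA key, the quote fields and all function names are assumptions made for illustration; every check ultimately rests on the private exponent `D` staying inside the hardware.

```python
import hashlib
import hmac

# Toy RSA attestation key, constructed for this example (both primes are
# Mersenne primes). Real SGX quotes use EPID or ECDSA, not this scheme.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: must never leave the hardware

# Constructed sample inputs.
PUBLISHED_CODE = b"def handle(request): return process(request)  # constructed"
EXPECTED_MEASUREMENT = hashlib.sha256(PUBLISHED_CODE).digest()
ENCLAVE_PUBKEY = b"constructed-enclave-public-key-bytes"


def digest_int(data: bytes) -> int:
    """SHA-256 of data as an integer reduced mod N (toy padding-free RSA)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def hardware_sign_quote(code: bytes, enclave_pubkey: bytes) -> dict:
    """Stand-in for the CPU: measures the loaded code and signs the quote."""
    measurement = hashlib.sha256(code).digest()
    report_data = hashlib.sha256(enclave_pubkey).digest()
    signature = pow(digest_int(measurement + report_data), D, N)
    return {"measurement": measurement, "report_data": report_data,
            "signature": signature}


def verify_quote(quote: dict, expected_measurement: bytes,
                 enclave_pubkey: bytes) -> bool:
    """Client-side policy: all three checks must pass before sending data."""
    body = quote["measurement"] + quote["report_data"]
    # 1. The quote was signed by the attestation key (public part: E, N).
    if pow(quote["signature"], E, N) != digest_int(body):
        return False
    # 2. The measured code is exactly the code the operator published.
    if not hmac.compare_digest(quote["measurement"], expected_measurement):
        return False
    # 3. The key we are about to encrypt to is bound into the signed quote.
    binding = hashlib.sha256(enclave_pubkey).digest()
    return hmac.compare_digest(quote["report_data"], binding)
```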