I happened to stumble upon https://en.wikipedia.org/wiki/User:Firefly/checkuseragenthelper.js today - it's a script that uses an API provided on https://whatsmyua.info/ (a third-party site) to format user-agents stored in CheckUser data.
I don't think this sends connections between CU usernames and the UA string though - referer header seems to only send the domain name and not the full path with possible other private information but it's still sending CU UAs (which are mentioned in the privacy policy as being private information) to an untrusted third party.