The best reference for the intentions would be the first paragraph of the DNSCrypt website
DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven't been tampered with.
There is no mention of privacy and you wouldn't expect it due to the SNI issue that you mentioned earlier.
The term "security" is quite a broad one and the security referenced in those security vs privacy articles are referring to national security and the need for surveillance, rather that security in the sense of authentication and verification. You can most certainly have security (The authentication kind) without privacy being a fundamental requirement, which is how public-private key cryptography works. (I.e. The public key is, as the name suggests, public - But knowledge of the public key does not allow a third party to impersonate the private key holder)
Unless I'm misunderstanding the scope of DNSCrypt, the primary usage of a pinned key-pair provides signing (Hence authentication of the server) rather than encryption - Encryption is just a side-effect of using SSL.