This is assuming the point of not having disks is to keep the confidential data in RAM.
The problem with disks is they're hard to securely erase. Some NAT mapping gets written to a log or swap file and then you overwrite it but the device silently reallocated that sector and the old one is still there. DRAM doesn't do that. Then if you e.g. power cycle the machine once a day, it never contains data more than a day old.
Mullvad's RAM-based architecture is more of a "look, we can't accidentally log things, we don't have disk to log things on" than "there's no way to capture the secrets this particular server holds".
I guess their OS could defend itself from something like this by actively deleting any potentially compromising customer data as soon as it loses it's connection to the internet. No idea if it does though.
The design of their diskless architecture (where everything is provisioned to RAM on boot, and no data needs to be stored at all), and the nature of their service, likely means that they could be even more sensitive, eg, reboot on a minimal acceleration from an internal accelerometer, minor power irregularities, momentary internet outage, etc.
I presume it wouldn't be difficult to argue that as soon as you shut off a server to transfer it away, things they're looking for would be lost.