@thompkath welcome to the forum.
It doesn't. End To End Encryption (E2EE) encrypts the data from when it leaves a user's client until it is received by another of the user's clients. So when the note data leaves a client to sync it is protected from interception by both HTTPS (hopefully!) and E2EE. Whilst the data sits on the cloud storage service used for syncing it is still encrypted by E2EE. Basically, when the data is out of the user's direct control it is encrypted.
"communicated or stored" refers to sending the data to a third-party storage service for the purposes of syncing the clients.
That's true but it is only a problem if the phone's owner has chosen to remove the phone's full device encryption and set it to allow access without a PIN or biometric lock.
I believe that you can activate an app lock on the mobile clients but I do not think that there is any encryption (in addition to the devices own security) associated with that.