In the past I have had gmails sent through an alias show the original sending account. (I know because it was to someone trying to get into real estate and so I got sales messages recurring on both addresses).
I visually confirmed the original address was in the full gmail header (click on the extended information in one of the to or from fields). That was a couple years ago, but I'm assuming this is still the case.
So is it possible to use gmail aliases securely? Meaning not have the originating address leak to the recipient? I'm not talking general security involving ip addresses or invisible image tracking, but I suppose if there are other gaping holes it would be good to know about.