Does Exim apply RBL checks to error messages, those with an envelope sender of <> ?

This depends on the ACL configuration. You can test for bounce messages (by looking for an empty sender address) and thereby exclude them from RBL checking if you want. This ACL statement does that:

deny senders = ! :
     dnslist = blackholes.mail-abuse.org

However, some spam does come with an empty sender address, so this may not be a good idea.