> I guess you mean the security model of non-E2E chats. Although you can read into it that they can do MITM, the details reveal that the actual keys/messages are shared into datacenters in multiple countries so no government alone can retrieve plaintext from at-rest storage. To me (especially compared to anything Facebook products) is already much better than nothing. If it's an issue for you, opt in for E2E chats and enjoy!

It's unfortunately not that easy. For one, their promises of sharded keys is something we as users cannot verify, so we still just need to trust them here [0]. WhatsApp, on the other hand, at least attempts to have E2E. Secret chats are an option, but only the mobile clients support them [1] and you can't have them for groups at all. There's also some critique on mtproto, their roll-your-own encryption. I don't necessarily agree, but it's another strange point.

Like you I like the UX a lot and I have some trust in Durovs motivations, but the security model is questionable.

[0] They refuse to open source their servers, but I follow their argumentation in so far as that this would not help since we could not verify that the published source code is the one running on the servers.

[1] At least the official Linux desktop client and the web clients don't.