With respect, at first glance it seems that way. The burden of proof lies with the claim to security, not the claim of insecurity.

From your comment everyone can immediately surmise that you lack the practical knowledge of using cryptography for real world applications that people like tptacek and moxie have.

They are known experts and have been quite clear on the questionable nature of Telegram's choice of cryptographic primitives and their composition. Their objection is not 'this is obviously broken'. Their objection is 'this does not obviously work and there are some red flags'. This blog post merely mirrors that objection.

The crucial point is that the past has shown that no proof of brokenness is required. In cryptography, if it doesn't obviously work, it is probably broken, because it is incredibly hard to get right and because an incredible amount of money and effort is available to find the tiniest crack. You are dealing with criminals and governments who have deep pockets. Either you prove it works or you assume it doesn't work. The proof is missing.

I think that most people realized this upon reading your other comment.

You are either entirely unfamiliar with cryptography or you misunderstand a great deal of what you think you do know.