This isn't a privacy breach at this point though. It's just questionable. The security model of Signal doesn't require us to trust the servers (in theory - in practice, well, you've got the app chain and non-reproducible builds and distribution).
I don't mean to sound pessimistic but "Security in theory" isn't really secure, is it?
I still have way more trust for Signal than I have for say Messenger or Telegram, but I've been burned too many times to take these things at face value.
