If you really want security, do it yourself. If you're not generating the keys, storing them locally, and performing the encryption/decryption yourself, you're trusting somebody else to do that for you. What makes you trust those people to do that.

I personally use Signal every day, but I only trust it to keep my cellular provider from being able to read my texts. For anything more than that you need GPG.

Wow. Signal just copy/pastes the OTF's encryption into their app. See here: https://www.opentech.fund/results/supported-projects/open-whisper-systems/

No surprise here....

If you are a state that has basically infinite supply of money, have secret people that can kill others without due process

how difficult is to have young recruited to be double agent ?

not difficult at all

In theory, the great thing about open source is you can inspect it yourself for holes. It seems like the USG would not work on something they can't access themselves, but they can also intrude on closed source software, in ways you cannot discover.