When it comes to e2e encryption it's important for the ends to be static (not web apps) and auditable (open source, reproducible builds) because the software running on the ends can trivially compromise anything going trough either of them. It can be as simple as a script being loaded from the server into a runtime such as Lua (closed source app). Or custom javascript delivered (web app).

When these conditions aren't met, any e2e encryption claim can be dismissed out of hand. This does not mean the service offers no value, it just means it cannot be trusted to keep anything confidential.