There was a well known crypto weakness, CVE-2025-52464, that allowed man in the middle decryption of meshtastic traffic. It was fixed by a firmware patch that improved crypto discipline.

Bad randomness in generating keys, for anyone else wondering