Yup exactly, their home rolled encryption is problematic in and of itself, but the fact that it lacks E2EE means you shouldn’t even trust it in the first place.