A security audit would be great, but their most recent request was from Santa Clara county, and several previous ones are also from US jurisdictions. You can read about the content of what they were able to provide to the courts.

They’re obviously private. And if you’re concerned about the app, use the fork Molly.

I guess I don’t see what more a security audit would reveal that we couldn’t deduce by examining the code or real-life examples.