fwiw, the ripping-apart here consisted of some legit implementation vulns in the ~8-year-old first-gen clients (which were fixed prior to disclosure, obviously) - and one protocol question: should you warn users if a malicious server adds unauthorised devices/users to a conversation, or should you stop it from being possible in the first place (which is Hard, given it means group membership has to be controlled by the E2EE protocol, rather than the communication signalling protocol)?
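The two options in that protocol question, as an added toy model (not code from the post, and not Matrix's or any real messenger's protocol): the server maintains the signalling-layer membership list, while the clients keep a separate list that can only be changed by messages authenticated with a group secret the server never holds. The "warn" option diffs the two lists and flags devices the E2EE layer never authorised; the "prevent" option simply never encrypts to anything outside the E2EE-authorised set. Assumptions: an HMAC over a shared group secret stands in for the per-member signatures a real design would use, and the device names and secret are constructed sample data.

```python
"""Toy model: server-controlled vs E2EE-controlled group membership.

Hypothetical illustration only, not Matrix code or any real messenger's
protocol. An HMAC over a group secret that the server never holds stands in
for real member signatures.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed sample secret: shared among room members via the E2EE layer, never the server.
GROUP_SECRET = b"constructed-group-secret-members-only"


def _canonical(body: dict) -> bytes:
    """Deterministic encoding so signer and verifier MAC identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_membership_change(secret: bytes, change: dict) -> dict:
    """An existing member authenticates a membership change with the group secret."""
    tag = hmac.new(secret, _canonical(change), hashlib.sha256).hexdigest()
    return {**change, "mac": tag}


def verify_membership_change(secret: bytes, signed: dict) -> bool:
    """Reject any change whose MAC was not produced with the group secret."""
    body = {k: v for k, v in signed.items() if k != "mac"}
    expected = hmac.new(secret, _canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(signed.get("mac", "")))


@dataclass
class Client:
    """A member's client: tracks membership as established by the E2EE layer only."""
    secret: bytes
    e2ee_members: set = field(default_factory=set)

    def apply_change(self, signed: dict) -> bool:
        """Apply an add/remove only if it verifies; return whether it was accepted."""
        if not verify_membership_change(self.secret, signed):
            return False
        if signed["op"] == "add":
            self.e2ee_members.add(signed["device"])
        elif signed["op"] == "remove":
            self.e2ee_members.discard(signed["device"])
        else:
            return False
        return True


def unauthorised_devices(server_view: set, e2ee_members: set) -> set:
    """'Warn' option: devices the server lists that the E2EE layer never authorised."""
    return set(server_view) - set(e2ee_members)


def encryption_targets(e2ee_members: set) -> set:
    """'Prevent' option: encrypt only to E2EE-authorised devices, whatever the server claims."""
    return set(e2ee_members)


def run_scenario() -> dict:
    """Honest setup, then a malicious server injecting a device (constructed sample data)."""
    alice = Client(GROUP_SECRET)
    for change in (
        {"op": "add", "device": "alice/laptop", "by": "alice/laptop"},
        {"op": "add", "device": "bob/phone", "by": "alice/laptop"},
    ):
        if not alice.apply_change(sign_membership_change(GROUP_SECRET, change)):
            raise RuntimeError("legitimate membership change rejected")

    # Signalling-layer membership as the server reports it, with an injected ghost device.
    server_view = {"alice/laptop", "bob/phone", "mallory/ghost"}

    # The server lacks GROUP_SECRET, so its attempt to forge an E2EE-layer add fails.
    forged = sign_membership_change(
        b"server-guess", {"op": "add", "device": "mallory/ghost", "by": "alice/laptop"}
    )
    forged_accepted = alice.apply_change(forged)

    return {
        "forged_accepted": forged_accepted,
        "warn_about": unauthorised_devices(server_view, alice.e2ee_members),
        "encrypt_to": encryption_targets(alice.e2ee_members),
    }


if __name__ == "__main__":
    print(run_scenario())
```

The hard part the post alludes to is visible in `run_scenario`: once membership lives in the E2EE layer, every add and remove must be authenticated by an existing member rather than asserted by the server, and clients must ignore the server's list when choosing whom to encrypt to, which is a much larger change than diffing the two lists and showing a warning.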