I don't know if Signal is completely safe. What if they were required to send out an update to the application that also transmitted data in cleartext to a third party. It would look exactly the same to the user.

As long as you don't have reproducible builds and there is no way for the community to verify that everybody is running the same code (using a separate process that is independent of the application vendor) this is incredibly difficult to guard against.

https://arstechnica.com/tech-policy/2018/12/signal-to-australia-good-luck-with-that-crypto-ban/