The code is open, if you'd like to decide for yourself: https://github.com/signalapp

It is definitely a pot of honey now for intelligence agencies who are going to crack down on it to break it since everyone is moving to it now.

Still protected by the math?

All the three-letter agencies already knew they had these tools available, GPG, veracrypt, Signal, etc.

Now it's just impossible for governments to whole sale eavesdrop on conversations. If they want access it now has to be targetted, and most likely device specific which is harder.

Sure but the math alone won't protect it. I'm thinking more of bugs in the program such as buffer overflows etc. that can potentially be exploited. They don't even have to exist in the Signal code itself but one of the libraries they use. Everything will be scrutinized increasingly heavily now.

Moxie had better preemptively order up some new code reviews.