[leshow]

They don't have the ability to flat out read messages. If they were to impersonate a contact, you would see that the key had changed (assuming you had this on) and you could choose not to talk to that contact until you verified.

[folex]

That's what I understood too. AFAIK, they only could 'break' contact, and not control the actual public identity key, so no way to read user messages.