by tialaramex 2870 days ago
OK, so yes, if you steal Alice's credentials AND have control over the co-ordinating server you can trick Alice and Bob into continuing to communicate with you in the middle, and so long as you keep this up it's relatively undetectable.

I think I can see how to repair this (Alice doesn't know Bob's private key, but she does know a long-term public key for him; as a result she could periodically and automatically re-verify that she's still talking to Bob and not just someone who has her short-term keys and is actively conducting a MITM) but Signal doesn't attempt such a repair and maybe I'm wrong.