You're absolutely right that past decisions focused on ease-of-use over security.
For evidence that they've changed their focus you can see their April 1 blog post[1] and the weekly video AMAs they do that are summarised in their "90-Day Security Plan Progress Report" blog posts.[2]
They're making a lot of progress.
The Keybase acquisition is about building out a strong security team that will help them implement end-to-end encryption in 1,000 person meetings, which currently isn't possible anywhere.[3]