If implemented correctly, the server doesn’t get the key. Look up Diffie–Hellman key exchange for more information on how this is possible. This can be verified by auditing the client so you don’t need to trust Zoom.
> The Diffie–Hellman exchange by itself does not provide authentication of the communicating parties and is thus vulnerable to a man-in-the-middle attack.[1]
Whoever controls key distribution can control the encryption channel; without a way to verify public keys, all bets are always off. You're right that auditing the client is one (if not the only?) way to do this.
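To make the quoted point concrete, here is a small worked example, added to this thread and not taken from the Wikipedia article or any Zoom code. It runs an unauthenticated Diffie–Hellman exchange through a key-distribution server, once with a server that forwards public values honestly and once with one that substitutes its own, and shows that the only thing separating the two outcomes is an out-of-band fingerprint check. The group parameters are a toy (a Mersenne prime with a small generator, constructed for illustration only), and the class and function names (`Party`, `HonestServer`, `SubstitutingServer`, `run_exchange`) are my own.

```python
import hashlib
import secrets

# Toy group parameters (constructed for this example): P is a genuine prime, but this
# is NOT a deployable group. Real systems use an RFC 7919 group or an elliptic curve.
P = 2**521 - 1
G = 5
NBYTES = (P.bit_length() + 7) // 8  # 66 bytes for a 521-bit value


def fingerprint(pub: int) -> str:
    """Short hash of a public value: the 'safety code' users compare out of band."""
    return hashlib.sha256(pub.to_bytes(NBYTES, "big")).hexdigest()[:16]


class Party:
    """One DH participant: holds an ephemeral keypair and derives a session key."""

    def __init__(self, name: str):
        self.name = name
        self.priv = secrets.randbelow(P - 2) + 1   # private exponent in [1, P-2]
        self.pub = pow(G, self.priv, P)             # public value g^priv mod p
        self.session_key = None

    def derive(self, peer_pub: int) -> str:
        """Compute peer_pub^priv mod p and hash it into a session key."""
        secret = pow(peer_pub, self.priv, P)
        self.session_key = hashlib.sha256(secret.to_bytes(NBYTES, "big")).hexdigest()
        return self.session_key


class HonestServer:
    """Key-distribution server that forwards each public value unchanged."""

    def relay(self, sender_pub: int, receiver: str) -> int:
        return sender_pub


class SubstitutingServer(HonestServer):
    """Server that hands out its own public value instead: the unauthenticated-DH failure."""

    def __init__(self):
        self.me = Party("server")
        self.seen = {}  # genuine values it intercepted, keyed by intended receiver

    def relay(self, sender_pub: int, receiver: str) -> int:
        self.seen[receiver] = sender_pub
        return self.me.pub


def run_exchange(server: HonestServer, verify_out_of_band: bool) -> dict:
    """Run Alice<->Bob DH via `server`; optionally compare fingerprints out of band first."""
    alice, bob = Party("alice"), Party("bob")
    pub_for_bob = server.relay(alice.pub, "bob")      # what Bob receives as "Alice's key"
    pub_for_alice = server.relay(bob.pub, "alice")    # what Alice receives as "Bob's key"

    if verify_out_of_band:
        # The mitigation: fingerprints compared over a channel the server does not control
        # (here we simply read the genuine values directly, standing in for that channel).
        if (fingerprint(pub_for_alice) != fingerprint(bob.pub)
                or fingerprint(pub_for_bob) != fingerprint(alice.pub)):
            return {"aborted": True, "keys_match": False, "server_can_read": False}

    alice.derive(pub_for_alice)
    bob.derive(pub_for_bob)
    keys_match = alice.session_key == bob.session_key

    server_can_read = False
    if isinstance(server, SubstitutingServer):
        # With its own private exponent the server derives Alice's key from Alice's
        # genuine public value and Bob's key from Bob's, so it holds both legs.
        server_can_read = (server.me.derive(server.seen["bob"]) == alice.session_key
                           and server.me.derive(server.seen["alice"]) == bob.session_key)

    return {"aborted": False, "keys_match": keys_match, "server_can_read": server_can_read}


if __name__ == "__main__":
    print("honest server, verified:      ", run_exchange(HonestServer(), True))
    print("substituting server, no check:", run_exchange(SubstitutingServer(), False))
    print("substituting server, verified:", run_exchange(SubstitutingServer(), True))
```

The honest run ends with matching keys; the unverified substituting run ends with Alice and Bob holding different keys that the server can both compute; the verified substituting run aborts before any key is derived. Auditing the client is what lets you confirm that the check in the middle actually runs and compares against a value the server cannot forge.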
This is true, but they are going to help law enforcement with calls that have bad content in them; the only way this can happen is if they have the ability to decrypt the streams or enter calls silently and get the keys.
Edit: Sorry for coming across a little brash. I'm quite a strong advocate of real encryption, and this kind of dilution of terms makes my blood boil, because terms are being diluted and people have trust in something that betrays them.
[1]: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exc...