by shakna 2001 days ago
Signal's crypto has also been independently audited [0], with pretty encouraging results, and as it is open source, can continually be audited.

Telegram's, on the other hand, can't be continually audited, but the MTProto scheme they put together has been found to have a number of flaws [1], and that hasn't changed. They also haven't really allowed third-party audit of their actual code, so there may or may not be extra bugs waiting to bite you.

[0] https://eprint.iacr.org/2016/1013.pdf

[1] https://eprint.iacr.org/2015/1177.pdf

1 comments

Being open source does not mean that the same code is running on their servers.
This is true, but thankfully the security of Signal's double ratchet scheme means that you only need to verify your client to ensure the encryption remains intact. The server can't peek inside.