I know it sounds paranoid, but it's why I don't trust Signal for information that I want to defend against nation-states. In the US, if the govt couldn't circumvent their messages then they would find a way to take it down. Any warrant canaries could be required to be left untouched by secret FISA courts.
Not every threat model is one where the NSA is what you need to worry about. The vast majority of people in the world live in countries were Signal will help protect them.
When lives are on the line, it's dangerous to wait for peer-reviewed papers or solid evidence to come out. Think of how many years the NSA spied on everything before Snowden leaked it. There were rumors for years, but no solid proof. It's better to be more paranoid and have good OPSEC.
I'm not saying I don't use Signal, because I do. It would work fine against cops or the federal government as a citizen. But if lives depended on it, it would merely be part of my communications toolbelt.
If needed, I'd prioritize good OPSEC and prevent association of the communication device with me. Purchase a laptop from Craigslist with cash, disconnect its power when close to an area I frequent. Use macchanger to change the mac address of my device when in use, use a yagi antenna so I don't have to get too close to the open WiFi access point. A host of other activities meant to make association more difficult.
Defense in depth is important. It's also unnecessary for most people most of the time, which is why I generally don't do it and just use Signal for interpersonal communication. But it's still good for people to know that depending on one system like Signal for security has risks so they can make their own determination on if it's worth it to harden their communication systems.
That depends entirely on the need. I would bet that any sort of decentralized chat system communicating to nonstandard servers would be closely scrutinized.
For one-to-one communication, ideally I'd set up either some sort of special code with the receiving end and just use http. If more information relaying is needed, a one-time pad would be good. I'd try to keep the messages short in case there's a hole in the system somewhere. Again, depending on your needs, relying on one protocol like matrix or pgp could be risky. Good OPSEC can make up for a leaky security system.
For one-to-many communication, proxies and device disassociation are priority above all else. You can assume interception of those messages generally.