The goalposts now seem to be at "someone might subpoena Signal's logs for some metadata", having moved pretty far from the original claim of "Signal's server code hasn't been updated because it has been secretly backdoored or intentionally weakened." It's difficult to see this as good faith security analysis rather than fearmongering.
What difference does this make? In your threat model the only serious countermeasure between you and state-level adversaries is a Logstash implementation?