Great, that just leaves the possibility that the system to install keys will itself be compromised, perhaps something like what happened a few years ago with a downgrade attack to the old USA “export grade encryption” back when crypto was counted as a munition. The use of e2e encryption started to become a general standard in chat apps precisely because centralised keys proved to be a weak point after Snowden.
As for revocation: https://news.ycombinator.com/item?id=29642783
Snowden got a lot of data without anyone stopping him. The risk is what if he’d been malicious instead of a whistleblower?