Metadata is enough to execute people (by certain country but anywhere in the world--it is immoral for Signal to position itself as secure if it provides such data).
Last I checked Signal was outright lying in their privacy policy which was never updated after they started collecting and storing user data in the cloud. You can't morally market yourself as secure while you lie to your users about what their risks are.