[tptacek]

Until very recently (weeks not months), Matrix servers controlled group membership, and could add arbitrary accounts to your group without permission, thus allowing them to decrypt messages to the group. Matrix servers could also silently add "devices" to your account.

https://nebuchadnezzar-megolm.github.io/

[cvwright]

Matrix servers still control group membership, and probably will for a while (ie, months).

The vulnerabilities that allowed such users and devices to steal keys have been fixed.

[tptacek]

Control of group membership in Matrix is control of key distribution. That's generally how group secure messaging works. The vulnerabilities didn't allow unauthorized group messengers to "steal" keys; it added unauthorized members to groups, which causes authorized group members to negotiate key relationships with them.