by jopt 4736 days ago
The second option (MITM through access to the public key server) is not comparable to the first. Targets would have to be singled out and surveilled in advance of the messages, which actually lends itself pretty well to the sort of due process surveillance that law enforcement is generally trusted with.

It's not unthinkable that the NSA could access iCloud backups (with some sort of FISA rubber stamp). Access to everyone's backups is much more conducive to dystopian mass surveillance than the key server's tradeoff of vulnerability to MITM.

The OP's first point is a lot stronger than the second. Distributed backups are probably bad from a privacy/security perspective. That seems like the better point to make, provided we understand that iMessage is not a guarantee of complete safety from any surveillance.

1 comments

How do we even know that the backups aren't encrypted? For all I know, the author had a second iDevice and it shared the key with the first one when the latter came online. That way, the key never leaves your devices, but you can still sync your messages.

Is there a way to access the messages on iCloud itself (i.e. the web interface)? That would be much stronger evidence that Apple can read it.