Upon compiling TextSecure from source and installing it on my phone (I don't have the play store), I've discovered it requires the Play Store to do the "iMessage" style messaging over data. I guess the encryption is still done on-phone before being sent through whatever data API, but I still wonder if that (the play store being installed) might enable key-sniffing? Perhaps that's somewhat negated by users having a strong passphrase though?