Developers put in charge of BDSP. Before Pokémon, their work was all extremely minor support for much bigger studios. So for example, if you’re a big AAA studio and you want to save on precious development time, you might contract out a dozen studios to do busywork, and one of those studios might be ILCA. For example, two people from ILCA are credited in Yakuza 0, but this is as “Casting Cooperation”. Their most major game they’d actually worked on themselves before this was Pokémon Home.
So essentially, you’re taking a small company where 95% of their existing work is as a supporting role to do relatively easy work for other major studios, and the other 5% is Pokémon Home, and you’re telling them “Okay, now remake Diamond and Pearl.”
It’s not, unless they’re some sort of cryptography expert with a peer-reviewed white paper pending publication. The Signal protocol (GPLv3) is extremely robust and has almost no capacity for metadata generation, and both the app and server-side code are under the AGPLv3 (technically if they were compromised they could use different, unaudited server-side code, but refer back to “basically no metadata”). Signal has essentially no capacity to be compromised; they can’t even bait and switch users with a pre-compiled app whose source code isn’t the publicly available one and actually has a backdoor because their builds are reproducible and it would be caught immediately.
Maybe they take issue with the crypto bullshit, which is valid but doesn’t compromise messaging security. Maybe they don’t like that they took away SMS, which I completely agree with, but also actually makes it marginally more secure. Either way, I seriously doubt if they had any mathematical insight into Signal being “compromised” that they would be here hanging around on Lemmy right now.