The "grudge" comment was based on @mike's comment in the question thread, https://social.umeahackerspace.se/url/29117
"I just find it hilarious that we get so much critique from statusnet/gnusocial". I've got essentially nothing to do with the previous developers ;)
My uncertainty stems from the fact that there's - afaik - no client side encryption (and if there was, it'd have to be in untrustworthy Javascript). If I log in to "any server in the matrix" and thus get a message delivered from my "home hub" via a distributed storage model, the server I log in to will also take part of the message etc.
It is not safe, without rigorous client security, to log in on random servers regardless of the transport security. But I haven't a clue whether this is considered fixed or not in #RedMatrix, so I can't say anything about it. Which is also why I think it'd be nice with a third party security review.