All true. But where are the sources of Telegram server? They are not open source, simply! What are they actually doing with our messages? Only they know. And they can read them because by default there's no E2E encryption.
would it matter if the server was open source? You'd know have no proof what is what they run on the actual server anyway, nor can you use a custom server.
It can matter if you can trust them to do the proper thing, i.e. if you assume they are not a malicious entity. In this case, checking the server source code can give experts insights about possible security risks.
If you assume they are malicious, (a) I wouldn't use their product in the first point, and (b) of course they can do whatever they want independently from the published code.
