It could be so easy, just don't use anything related to Oracle. But it's the same as back in the days with IBM - nobody gets fired by buying stuff from Oracle.
An awesome feature for me is this (from their FAQ):
The dots are an indicator for a contact's verification level. They don't affect the encryption strength, but are a measure for the probability, that the saved public key of a contact belongs indeed to that contact.
Level 1 (red): The ID and public key have been obtained from the server because you received a message from this contact for the first time or added the ID manually. No matching contact was found in your address book (by phone number or email), and therefore you cannot be sure that the person is who they claim to be in their messages.
Level 2 (orange): The ID has been matched with a contact in your address book (by phone number or email). Since the server verifies phone numbers and email addresses, you can be reasonably sure that the person is who they claim to be.
Level 2 (blue): This verification level is only available in Threema Work; it indicates that the Threema ID belongs to an internal company contact.
Level 3 (green): You have personally verified the ID and public key of the person by scanning their QR code. Assuming their device has not been hijacked, you can be very sure that messages from this contact were really written by the person that they indicate.
Level 3 (blue): This verification level is only available in Threema Work; it indicates that the Threema ID belongs to an internal contact whose ID and public key you have verified by scanning their QR code.
You're right, the UI maybe could have been a bit more intuitive.
However, the setup is far from rocket science and could easily be improved by the developers.
And yeah, it may only have 1% of users but thats's only because 95% have WA...
It's a choice about freedom and you have to start somewhere.
I converted more than 50% of my contacts to Threema - the rest has expensive phones but obviously no money to protect their privacy.