Right, but that doesn't compromise the security of the service necessarily.
Users can catch a malicious server injecting incorrect keys by looking at security notifications and comparing security codes. This is part of the Signal protocol.
This may be tedious but only needs to be done in the event of phone keys getting reset (a once in a year event?), as all companion device keys are automatically verified with signatures provided from an account owner's primary (phone) device
> Discord is a close second. But the quality and polish of telegram blows me away to this day.
User experience is, well, subjective to the user. For tech savvy, primarily desktop users, Telegram and Discord can be great choices.
This is however probably not true for the majority of the population.