All of that is true, and remains true if they're using a bridge service as well. The bridge service is strictly reducing the security of messages.
Look, I'm not up in arms or anything, I just can immediately see a drawback to bridging Signal specifically. There exist many other services (Telegram, Slack, Discord, the list goes on) that can be bridged to Matrix without compromising the security posture in any terrificly meaningful way, IMO. So the idea is great in principle.
> The bridge service is strictly reducing the security of messages.
Perhaps in some sense, yes, but in precisely the same sense that you reduce the security of your messages each time you send a new message, or each time you start a conversation with a new person, or each time any of your contacts reads a message on the train where someone might be looking over their shoulder. None of these things strike me as a meaningful reduction in security, at least in the threat models that are appropriate for most average people (namely where you don't expect to be personally targeted by an attacker with resources).
The Matrix bridge service is compromised (their infra has been successfully attacked before, and other similar platforms have had catastrophic data breaches as well)? That doesn't require a targeted attack, involves complete history disclosure and probably far more metadata than Signal even stores on their servers.
Look, I'm not up in arms or anything, I just can immediately see a drawback to bridging Signal specifically. There exist many other services (Telegram, Slack, Discord, the list goes on) that can be bridged to Matrix without compromising the security posture in any terrificly meaningful way, IMO. So the idea is great in principle.