I've seen posts from GrapheneOS saying that Signal has a large attack surface, they don't sandbox WebRTC, and they handle media insecurely.
The posts also state that memory tagging improves Signal's security, and there's also Molly, a hardened Signal fork (they didn't mention Molly in the post). I was wondering if Molly + memory tagging makes Signal as secure as SimpleX is.
I have a high threat model, and malicious contacts are a part of that. I would like to use Signal, as it's more reliable and feature-rich, but I don't want to put myself in danger using it.