The keys are definitely protected with cryptography, both in transit and when deciding whether the message key should be shared with a requesting device.
This latter check is performed by ensuring the identity key of the key-requesting device is the same as the one written down at the point the message key was originally shared with the participant. Unfortunately, it turned out that this check could be fooled with some trickery -- but this is a logic bug and an honest mistake, which is now patched.
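The check described above, as an added example that is not part of the original text or of the project's own code: the sharer records the recipient device's identity key when a message key is first shared, and a later key request is honoured only if the requester's identity key matches that record. All names here (`KeyShareLedger`, `handle_key_request`, the request fields) are hypothetical, and `authenticated_key` is assumed to be the identity key that the encrypted channel authenticated for the requester.

```python
import hmac
from enum import Enum


class Decision(Enum):
    SHARE = "share"
    NEVER_SHARED = "message key was never shared with this device"
    KEY_MISMATCH = "identity key differs from the one recorded at share time"


class KeyShareLedger:
    """Remembers which identity key each message key was originally shared with."""

    def __init__(self):
        # (session_id, user_id, device_id) -> identity key recorded at share time
        self._recorded = {}

    def record_share(self, session_id, user_id, device_id, identity_key):
        # First write wins, so the "originally shared" key is never overwritten.
        self._recorded.setdefault((session_id, user_id, device_id), bytes(identity_key))

    def decide(self, session_id, user_id, device_id, requester_key):
        recorded = self._recorded.get((session_id, user_id, device_id))
        if recorded is None:
            return Decision.NEVER_SHARED
        # Constant-time comparison of the recorded key and the requester's key.
        if not hmac.compare_digest(recorded, bytes(requester_key)):
            return Decision.KEY_MISMATCH
        return Decision.SHARE


def handle_key_request(ledger, message_keys, request):
    """Return (decision, message key or None) for one key request."""
    decision = ledger.decide(request["session_id"], request["user_id"],
                             request["device_id"], request["authenticated_key"])
    key = message_keys.get(request["session_id"]) if decision is Decision.SHARE else None
    return decision, key


def demo():
    # Constructed sample data: 32-byte stand-ins for device identity keys.
    phone_key, other_key = b"\x01" * 32, b"\x02" * 32
    ledger, message_keys = KeyShareLedger(), {"sess1": b"constructed-message-key"}
    ledger.record_share("sess1", "bob", "PHONE", phone_key)
    base = {"session_id": "sess1", "user_id": "bob"}
    requests = [
        dict(base, device_id="PHONE", authenticated_key=phone_key),   # same device, same key
        dict(base, device_id="PHONE", authenticated_key=other_key),   # same device id, other key
        dict(base, device_id="LAPTOP", authenticated_key=other_key),  # device never shared with
    ]
    return [handle_key_request(ledger, message_keys, r)[0] for r in requests]
```

Only the first of the three constructed requests receives the message key; the other two are refused with a reason that can be logged.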