"Secure", particularly when used in the casual general public sense, is a pretty overloaded term. All real security is in the context of a specific threat profiles, and makes tradeoffs vs other required functionality. Signal is definitely "secure" in the sense of its core cryptography and design, and it's aimed to be of practical value to the global general public. But that requires being able to scale massively, making authentication more convenient and leaving more up to the users, who won't tend to have their own sophisticated centralized auth system, IT support, and constant life/safety critical stuff being thrown around. Signal provides tools that can be used for better assurance in who you're talking to but it doesn't simply take that out of users' hands entirely because for its use case that simply isn't feasible.
For small vetted group top secret conversations by a sophisticated organization, it makes more sense to have something where inviting anyone who hasn't already been brought into the magic circle with physical interaction is simply impossible. If technically unsophisticated users are important, ideally one would have fully vetted tech support who will be monitoring all participants and doing the verification work for them. All managed via central systems and heavily walled off with multiple layers from crossing between high and low sides. If they want to talk to the general public, they should use physically different devices. Worse scaling, far more friction, but that's OK for top levels of a big organization in the context of extremely sensitive information.
Signal is a tool and a decent one, but no tool is good for absolutely everything and trying to use a hammer as a saw isn't a defect in the hammer it's a problem with the user/organization trying to do something so foolish.
For small vetted group top secret conversations by a sophisticated organization, it makes more sense to have something where inviting anyone who hasn't already been brought into the magic circle with physical interaction is simply impossible. If technically unsophisticated users are important, ideally one would have fully vetted tech support who will be monitoring all participants and doing the verification work for them. All managed via central systems and heavily walled off with multiple layers from crossing between high and low sides. If they want to talk to the general public, they should use physically different devices. Worse scaling, far more friction, but that's OK for top levels of a big organization in the context of extremely sensitive information.
Signal is a tool and a decent one, but no tool is good for absolutely everything and trying to use a hammer as a saw isn't a defect in the hammer it's a problem with the user/organization trying to do something so foolish.