We build Signal in the open, with publicly available source code for our applications and servers. To keep Signal a free global communication service without spam, we must depart from our totally-open posture and develop one piece of the server in private: a system for detecting and disrupting spam campaigns. Unlike encryption protocols, which are designed to be provably secure even if everyone knows how they work, spam detection is an ongoing chore for which there is no concrete resolution and for which transparency is a major disadvantage.
Well you are only trusting that they will deliver your messages right, all their clients are completely open-source and everything is end-to-end encrypted on the client. Even if they wanted, they could not read your messages, and this would also be true even if their servers were 100% closed-source.
Good point too.