It’s not suspicious. It’s been talked about for years. People know exactly what the phone number is used for. Easy discoverability, quick and seamless onboarding of new users by providing a way to bootstrap their social graph, and it being very similar to the process of the other biggest player that people just understand. And spam prevention. The phones are not leaked or used for anything else. The other alternatives exist and you are welcome to onboard the people you want onto them if you think it’s simpler.

The code is open, if you don’t trust other people and can’t read the code to understand then hire someone you trust to validate the claims and assure you. But spreading FUD and saying it’s suspicious is not productive to anyone.

Session is the one with broken security.

You should go properly read the requests from law enforcement they have received and exactly what information it contains. It’s public. Then evaluate if it matters for yur threat model. Security doesn’t exist in a vaccum.

It’s libre software. Go host the server and change the clients to connect to your custom server and distribute the the users you need.