There’s also no way to validate that Apple’s E2EE operates as stated. They could have added a backdoor for themselves or “intelligence” agencies, and we have no way of knowing other than “trust us”. Even if the source code is ever leaked (or a backdoor exploited by hackers), it could be written with plausible deniability — in such a way that it could be interpreted as unintentional (a bug/error).
This is why you should never trust closed source code with your sensitive data, and encrypt it yourself using open source, widespread/trusted, audited tools before uploading it to someone else’s computer.