Many cryptographic protocols are designed around the security model that assumes an attack will be a remote attacker using cryptanalysis to derive one of your keys (among a set of keys). You can understand why this is, these protocols are designed by cryptographers, and the threat they are always thinking about is a cryptographic attack.

But the real world threat is device compromise. You are at the very least 1000x more likely to be compromised by having your device hacked and all of its keys and data stolen or otherwise compromised.

Therefore, things like the double-ratchet protocol don't really help in the real world. Breaking one conversation key doesn't break the others, but if your device can read all past messages, so can someone that totally compromises your device.

The signal double ratchet protocol is fine. It doesn't make things worse. It makes things marginally better. But I want people to understand how thin that margin really is.