This isn't really a vulnerability imo. A bit overblown news.
I thought Signal was fully open source, but maybe not according to Molly?
Also, I was not aware of this vulnerability in Signal desktop: https://www.bleepingcomputer.com/news/security/signal-downplays-encryption-key-flaw-fixes-it-after-x-drama/
It looks like Molly adds a passphrase to protect databases in really old versions of Android that don't have a keystore, but otherwise I'm not sure it's necessary (and users might think it's a nuisance).
Discussion
I travel with my laptop, so it can be stolen rather easily. The thief can then read all of my private messages at their leisure. I expected better security from Signal. Sure, I can take additional steps to protect myself, but I didn't know I needed to with Signal.