The desktop app still has the vulnerability that was disclosed in 2018. It's not a direct vulnerability in the encryption that Signal uses but if you can get access to someone's computer with malicious software or physical access you can mirror their signal app.

https://www.bleepingcomputer.com/news/security/signal-desktop-leaves-message-decryption-key-in-plain-sight/

The hand waving from Meredith Whitaker saying it's not a problem was odd.