Open sourcing it would make no difference. Signal's server is open source, yet the sources are always released late. For a whole year, Signal was running a totally different server code than the one they had made public, they even injected some crypto stuff and not a single person knew what the server was running.
This is the nature of servers. Backend is always unverifiable, even if it's got the latest code available to the public. The only thing open source backend is useful for is self-hosting, not verification.
If it's encryoted E2E, then you don't need to inspect the server side to verify that. And the client is FOSS, anyone can inspect it. (It is my understanding that group chats are not encrypted; I have not cared to verify that one way or the other, but I could.)
Right. If you speak Russian and actually look at what is happening in Telegram, you'd know better. If I was a dissident there and my adversary would be SVR/GRU, I surely wouldn't call it paranoia.
Chances are ALWAYS against regular people.