Last I checked, beyond the phones, iCloud backups are subject to warrants and not encrypted or are local backups encrypted. If you get an unencrypted Signal backup, possible to extract the user’s Signal encryption key and rebuild the backups to extract the messages.

Phones themselves are as secure as know vulnerabilities of whatever version of the phone hardware and OS version.