Threema Audit: Messenger Threema resists security check (almost) without incidents

New Threema audit, March 28, 2019: https://threema.ch/en/blog/posts/audit19en
Security Audit Report - Threema 2019 (PDF - 975 KB): https://threema.ch/press-files/2_documentation/security_audit_report_threema_2019.pdf

They claim to only use PFS on the transport layer. Is this really as secure as using it on the messages themselves, like Signal does?

IMHO certainly not. The point of end2end crypto is that you don't have to trust the server, so if you don't trust their server (could be multiple reasons: someone on the dev team might not be trustworthy, subpoenas for backdoors, servers getting confiscated, server hacked, etc.), you basically don't have PFS with Threema.
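
A simplified model of the scenario discussed above, added here as an illustration and not taken from the thread, from Threema or from Signal: the server sees the message-layer ciphertexts once transport encryption ends, stores them, and the sender's current secret leaks later. The toy cipher, the class names and the sample messages are assumptions made for the example; the static key stands in for "no PFS on messages" and the one-way ratchet for message-level forward secrecy.

```python
import hashlib
import hmac
import os

def kdf(key: bytes, label: bytes) -> bytes:
    """One-way key derivation step (HMAC-SHA256)."""
    return hmac.new(key, label, hashlib.sha256).digest()

def toy_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy XOR stream cipher for illustration only (unauthenticated)."""
    stream = b"".join(kdf(key, nonce + i.to_bytes(4, "big"))
                      for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, stream))

class StaticSender:
    """Message layer keyed by one long-lived secret: no PFS on messages."""
    def __init__(self, secret: bytes):
        self.secret = secret
    def send(self, msg: bytes):
        nonce = os.urandom(16)
        return nonce, toy_cipher(kdf(self.secret, b"msg"), nonce, msg)

class RatchetSender(StaticSender):
    """Same, but the secret is replaced by a one-way step after every message."""
    def send(self, msg: bytes):
        packet = super().send(msg)
        self.secret = kdf(self.secret, b"chain")  # previous secret is gone
        return packet

def recovered_after_compromise(sender, messages):
    """Server stores the message-layer ciphertexts (transport encryption ends
    at the server); later the sender's current secret leaks. Count how many
    stored messages decrypt with keys derivable from the leaked secret."""
    stored = [sender.send(m) for m in messages]
    leaked, keys = sender.secret, []
    for _ in range(len(messages) + 1):      # attacker can only ratchet forward
        keys.append(kdf(leaked, b"msg"))
        leaked = kdf(leaked, b"chain")
    return sum(any(toy_cipher(k, n, c) == m for k in keys)
               for (n, c), m in zip(stored, messages))

MESSAGES = [b"meet at 9", b"bring the documents", b"delete this"]  # constructed

if __name__ == "__main__":
    print("static key :", recovered_after_compromise(StaticSender(os.urandom(32)), MESSAGES))
    print("ratchet    :", recovered_after_compromise(RatchetSender(os.urandom(32)), MESSAGES))
```

With the static key every stored message is recovered after the leak; with the ratchet none are, because the keys that protected them can no longer be derived from the sender's current state.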