I didn’t think that meant they control the keys, just that you have to trust that their implementation of encrypted communications is sound and secure. I expected the encryption to be done by clients.
(I, for one, would love it if more projects allowed us to choose our encryption algorithms and strengths, but that is vanishingly rare.)