I think that’s a little nutty. People go to signal for secure messaging. That’s their entire brand. An insecure by default setting is the wrong setting, even if it nets them a lot of tech illiterate users. Compromising the security of the system defeats the entire point of using Signal instead of some other messenger.
By this logic, you, me, and everyone else using the defaults are using bad opsec. Doesn’t that strike you as problematic?
I posted this elsewhere and I said this in my post, but the default setting is actually not the insecure one: https://files.catbox.moe/3gwjoy.png (supposing that previews are stored encrypted when locked which is what the 404media passage implies and nothing to say to the contrary).
This user went out of their way to show previews on the lock screen, that is an OPSEC failure, even if you do not consider the acquisition of the messages digitally.
"Security" is not a binary, but a spectrum along which there are various tradeoffs. The vendor attempts to select the best configuration for its average/median user, and that's almost by definition not going to be the most secure configuration (see: tradeoffs).
I do think there should be some UI somewhere that allows for locking all things down to the most secure configuration possible.