I posted this elsewhere and I said this in my post, but the default setting is actually not the insecure one: https://files.catbox.moe/3gwjoy.png (supposing that previews are stored encrypted when locked which is what the 404media passage implies and nothing to say to the contrary).

This user went out of their way to show previews on the lock screen, that is an OPSEC failure, even if you do not consider the acquisition of the messages digitally.