@IngaLovinde while I agree they could have already technically done this, AGPL should be there exactly to prevent this.
When you are using the service you have the right to see the code that is used on the server side. This is no longer happening, and that's why the original poster is concerned.
Their marketing strategy so far consisted throwing FUD on the competition to create the false hope that #signal was the only viable solution for instant messaging that would protect the users' privacy in a transparent way. And they did this while defending their position on centralization and killing any attempt of federation and decentralization along the way.
@danielinux I totally agree on the rest, but: no license in the world would prevent them from running a modified version of the code, unless there is some sort of audit on their servers. Yes, that would be a license violation, but undetectable and unpunishable; companies routinely do that and much worse.