@IngaLovinde while I agree they could have already technically done this, AGPL should be there exactly to prevent this.
When you are using the service you have the right to see the code that is used on the server side. This is no longer happening, and that's why the original poster is concerned.
Their marketing strategy so far consisted throwing FUD on the competition to create the false hope that #signal was the only viable solution for instant messaging that would protect the users' privacy in a transparent way. And they did this while defending their position on centralization and killing any attempt of federation and decentralization along the way.