The communication Signal put out was extremely confusing and unclear which caused a lot of issues. They avoided answering questions about the data being collected and instead focused everything on SVR (see https://old.reddit.com/r/signal/comments/htmzrr/psa_disablin...)

The problems with the security of Signal's new data collection scheme was talked about at the time:

https://web.archive.org/web/20210126201848mp_/https://palant...

https://www.vice.com/en/article/pkyzek/signal-new-pin-featur...

You'll have to decide for yourself how secure pins and enclaves are, but even if you thought they were able to provide near-perfect security I would argue that outright lying to highly vulnerable users by saying "Signal is designed to never collect or store any sensitive information." on line one of their privacy policy page is inexcusable and not something you should tolerate in an application that depends on trust.