But that's not true. We can verify a Cloud Chat message is wrapped in a key generated on a user's device. You can look at the client code and prove this. We can also prove that client-server messages must be decrypted on their way back to a user's device. [1]
[1] https://core.telegram.org/mtproto#authorization-and-encrypti...