The question whether their Crypto is bad is still out IMO - these recent findings still don't seem to be that big of a deal to me - as with all other IM services I have to trust the service provider for their integrity - yet here I have an alternative provided by a non-profit organization with some scientific credentials that offer an open API - as opposed to Skype, WhatsApp, Facebook et al. We currently use Skype for business purposes, but Microsoft's investment away from P2P makes me think that for privacy reasons alone, it's a bad idea. I'm always open for suggestions, but so far I haven't found anything really viable (well designed clients, well integrated encryption, open APIs). That's why I'm excited for Telegram.
On OSX I'm happy with Adium, but last time I've used Pidgin it was a lot of work to configure it the way I want. That would still work for me, but to roll it out for an organization it would meet quite some resistance. So the problem with XMPP for me is the client situation.
> So the problem with XMPP for me is the client situation
... which is fixed by a better client. That requires skills, but different ones from designing a new crypto protocol.
Given the PR efforts of the telegram people, they might actually be better XMPP+OTR+TextSecure+... client implementers than crypto designers (and maybe even better client implementers than most of the people who build clients right now since the situation _is_ bad).
I agree with that. Why they didn't go with this route is something I'd like to know as well - Telegram's FAQ is quite vague on this issue. But still, I prefer a reasonably secure service with great clients on all platforms, over a perfectly secure service with ugly clients that I can never 'sell' to decision makers.
Building an encrypted IM service with bad crypto is like investing in blacksmiths in the early 1900s.