Please read deeper, my statement is not restricted to imessage and bubbles and is much more broad, but still to tackle your Apple fanboyism, let me state that you really don't get it. Apple is not secure for you, they are secure for them. Take for instance the case a few years back with the suspected terrorist when California was trying to get Apple to give them access to the phone. It is ridiculous because apple should not even be ABLE to give up your security to any government entity. If devices and protocols are configured securely, then only the endpoints define and control both the encryption and how it is implemented. If a company dictates what encryption is used and controls it, then you are NOT secure no matter what you believe. Message apps, by definition can not truly be secure from the end user perspective unless the encryption algorithm and mechanism is controlled by the user. i.e. add ons at the control of the user or even better, PRE-encryption with peer reviewed, open source, verifiable encryption before it ever even sees any messaging app. Apple pulled off a marketing coverup by somehow manipulating it so that no one ever asked the question, "why is it even possible for you to give up my security in the first place?"
To broaden it back up again, let look at a similar marketing miracle that happened during hurricane Katrina with Tesla. Tesla remotely enabled extended driving range as a "favor" to help people get out of the path of hurricane Katrina and turned into a marketing win. The correct question was never asked "why the fuck do you have access to something that someone else owns in the first place". The answer is that they shouldn't or at the VERY least, there should be government enforced controls that you do not have to allow them access to your equipment (car) after you have purchased it. They should not be able to change anything remotely or in person without the approval of the owner of the device and technically the owner should have that control directly even if they get pissy about it and threaten to void warranties if you cause battery damage.
Security is not security unless it is in the hands of the 2 endpoints and ONLY those endpoints, otherwise it is just fancy, pre-loaded malware that they suckered you into paying for.