WhatsApp also has the glaring vulnerability that Facebook could at any time reset your key to a compromised one without your knowledge, and WhatsApp will resend any hanging messages automatically upon the change, making any undelivered messages available to the one who has the decryption capability associated with that new key. It's possible they've put in a method to do this without notifying the user. Also, this "automatic resend" behavior means that a physical attack can be made simply by switching SIMs on the phone before the message is sent. It requires some careful timing to be a real vulnerability and anyone using a phone to communicate will certainly opt for a more secure platform for critical applications.