A mistake in the process used by the Signal Desktop application to encrypt locally stored messages leaves them wide open to an attacker. […]

from https://www.bleepingcomputer.com/news/security/signal-desktop-leaves-message-decryption-key-in-plain-sight/