
The Signal Protocol[0] is based on OTR, a technology which had already seen a number of implementations and informed scrutiny by the time Signal came along.

[0] https://en.wikipedia.org/wiki/Signal_Protocol



Also an important aspect is that it is open source, meaning others can audit it. I'm a little untrusting of people that say "trust me" but also "no, you can't look at it" (unless there is a good reason to hide it, which in this case I do not believe there is).


The thing is, there's nothing to audit.

The world's best audit of Telegram would make the following obvious findings:

1. It's not E2EE by default, therefore it's not private and secure by default.

2. It's not E2EE at all for groups, therefore it's not safe for use by dissident groups.

3. It's not E2EE at all for desktop clients, therefore it's not practical in daily messaging.

Any audit of the E2EE part is meaningless when E2EE is so impractical it's not used by users at all.


MTProto is also open source.


Thank you for updating. For those curious this is what I found looking for the source https://github.com/tdlib/td/tree/80c35676a2eb1e9b71db355ee21...


It's based on the concepts of OTR but it has gone in different directions to actually implement those ideas.


(The DH ratchet is still there. 1536-bit FF-DH was replaced with X3DH etc., but the basic idea is still there. Adding a hash ratchet for non-round-trip messaging was a good idea, as were pre-keys stored on the server. IMO it's fair to say it's been expanded around OTR.)
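The hash ratchet mentioned in the comment above, as an added example that is not part of the thread and not Signal's own code: a symmetric KDF chain using the HMAC-based KDF_CK construction the Double Ratchet specification recommends (HMAC with the chain key, constant 0x01 for the message key, 0x02 for the next chain key), plus the skipped-message-key store that lets out-of-order messages be decrypted without a round trip. The DH ratchet and X3DH are omitted; DEMO_CHAIN_KEY is a constructed constant standing in for the root-KDF output, and the class and function names are this example's own.

```python
import hmac
import hashlib


def kdf_ck(chain_key: bytes) -> tuple[bytes, bytes]:
    """Advance the symmetric (hash) ratchet one step.

    Returns (next_chain_key, message_key), following the Double Ratchet
    spec's recommended KDF_CK: HMAC(ck, 0x01) -> message key,
    HMAC(ck, 0x02) -> next chain key. Because HMAC-SHA256 is one-way,
    holding the next chain key does not let you recover this message key
    or any earlier chain key; that is the forward secrecy the hash
    ratchet provides between DH ratchet steps.
    """
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


class SendingChain:
    """Sender side: every message gets a fresh key and a counter N."""

    def __init__(self, chain_key: bytes) -> None:
        self.ck = chain_key
        self.n = 0

    def next_message_key(self) -> tuple[int, bytes]:
        n = self.n
        self.ck, mk = kdf_ck(self.ck)
        self.n += 1
        return n, mk


class ReceivingChain:
    """Receiver side: ratchets forward to the counter in the header and
    parks the keys of any messages it skipped so they can still be
    decrypted when they arrive late. max_skip bounds the memory a peer
    (or attacker) can make us spend by sending a huge counter."""

    def __init__(self, chain_key: bytes, max_skip: int = 64) -> None:
        self.ck = chain_key
        self.n = 0
        self.max_skip = max_skip
        self.skipped: dict[int, bytes] = {}

    def message_key_for(self, n: int) -> bytes:
        if n in self.skipped:
            return self.skipped.pop(n)  # late arrival of a skipped message
        if n < self.n:
            raise ValueError(f"message {n} already consumed (replay?)")
        if n - self.n > self.max_skip:
            raise ValueError(f"would skip {n - self.n} keys, limit {self.max_skip}")
        while self.n < n:  # derive and park keys for the messages we jumped over
            self.ck, mk = kdf_ck(self.ck)
            self.skipped[self.n] = mk
            self.n += 1
        self.ck, mk = kdf_ck(self.ck)
        self.n += 1
        return mk


# Constructed shared chain key for the demo. In the real protocol it comes
# out of the root KDF fed by X3DH / the DH ratchet, never a hard-coded value.
DEMO_CHAIN_KEY = hashlib.sha256(b"demo root secret, not a real key").digest()


def out_of_order_delivery(order: list[int]) -> bool:
    """Sender derives keys 0..max(order); receiver consumes them in `order`.
    Returns True if every delivered message key matches the sender's."""
    sender = SendingChain(DEMO_CHAIN_KEY)
    receiver = ReceivingChain(DEMO_CHAIN_KEY)
    sent = dict(sender.next_message_key() for _ in range(max(order) + 1))
    return all(receiver.message_key_for(n) == sent[n] for n in order)


def keys_exposed_by_compromise(compromise_at: int, total: int) -> set[int]:
    """If an attacker snapshots the sender's chain key right after message
    `compromise_at` is sent, which counters in 0..total-1 can they compute?
    Running the ratchet forward from the stolen state yields every later
    key; earlier keys would need HMAC-SHA256 inverted, which is not
    attempted. Healing from this is the DH ratchet's job, not shown here."""
    assert 0 <= compromise_at < total
    sender = SendingChain(DEMO_CHAIN_KEY)
    sent: dict[int, bytes] = {}
    stolen = b""
    for _ in range(total):
        n, mk = sender.next_message_key()
        sent[n] = mk
        if n == compromise_at:
            stolen = sender.ck  # attacker's snapshot of the post-send state
    attacker = SendingChain(stolen)
    attacker.n = compromise_at + 1
    exposed = set()
    for _ in range(total - compromise_at - 1):
        n, mk = attacker.next_message_key()
        if sent.get(n) == mk:
            exposed.add(n)
    return exposed


if __name__ == "__main__":
    print("out-of-order [2,0,1] ok:", out_of_order_delivery([2, 0, 1]))
    print("exposed after compromise at 2 of 6:", sorted(keys_exposed_by_compromise(2, 6)))
```

The two properties worth noticing: the receiver can handle message 2 before 0 and 1 because it derives and parks the skipped keys, and a stolen chain key exposes every later message in that chain but none before it. The second point is exactly why the hash ratchet alone is not enough and the DH ratchet is kept alongside it.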



