Someone made a compilation of academic reviews and blogposts here: https://community.signalusers.org/t/wiki-overview-of-third-party-security-audits/13243 but none of them seem to be real security audit reports, ex. compare with real security audits to Delta Chat: https://delta.chat/en/help#security-audits
That is kind of naive.
“Allow federation” it’s not a simpke switch, it’s probably a full project of it’s own, and if they only hace X resources for development, taking on a big project like federation might just not be a priority.