
Matrix treats all chats as chatrooms, even 2-person chats. This is promoted as a simplification, but maybe it's a security problem. If a protocol only allows 2 people to chat, it's harder to exfiltrate the messages.


Encrypted chats need device/key verification/permission before the receiver can see any message contents.

Even if Matrix were to limit chats by protocol, a malicious sysadmin could probably fake a cross-signed device if they had access to the client like this. I don't think this is actually a problem; a chat room is as good a representation as anything.


As the sibling implies: it doesn't matter if the conversation is limited to 2 users - it'd just shift the attack to adding a ghost device to one of those users, which is equivalent to (and arguably more subtle than) adding a 3rd user to the conversation.



