The evil regime doesn't need to have a popular evil VPN that everybody uses... it may be enough to operate (or hack) a smaller VPN which can unmask enough dissidents that their friend-groups can be found by other means.
If I was the US government, I'd push Google Play to offer compromised updates of Signal silently to a few people I was interested in. Even among the highly-technical, who is going to be inspecting binaries installed on a phone regularly?
Does Signal even have reproducible builds? How do I know the code matches the binary?
I'd make my own messenger.... but I don't have the money for that at all.
I wish these risks could be split up and handled separately - Suppose I run a private dark network for me and my friends, and then the GUI for chatting over it runs in a sandbox where it can only message servers that I control, using public/private keys that I control.
Conflating a million lines of Java GUI code with "Noise is a simple and secure protocol" seems like a big attack surface.