If a central server can be DDoSed, it doesn't feel like a "secure" service.
If everything's routed through a centralized hub, the hub could serve as a way point for attacking maliciously weakened end-to-end encryption via MitM interception, and collector of identifiers for metadata like device phone numbers.
I vouched for your comment even though I’m not sure if it was killed by downvotes or because your account is new. I think you have a reasonable comment; however, there’s a difference between security and reliability: end-to-end encrypted messages can be routed through a central location and still be “secure” in the face of a DDoS (but not able to function), and a federated service can be hopelessly insecure but still resilient to attacks like these. Telegram by default is not all that secure and centralized, and with their encrypted chats is hopefully at least secure (though I’m not sure if it is with regards to metadata).
If everything's routed through a centralized hub, the hub could serve as a way point for attacking maliciously weakened end-to-end encryption via MitM interception, and collector of identifiers for metadata like device phone numbers.