As written in the article, it doesn’t matter if you enable OMEMO or OTR since XMPP produces tons of metadata and stores lots of information on the server in cleartext. For instance, if you always use OMEMO or OTR, server-side parties can still see when you use which device, your group memberships and roles, all of your contacts stored on the server, your contact details, etc. OMEMO or OTR only protects the content of the message.
Some people always say setting up XMPP “is as secure as setting up e-mail.” We would say “XMPP is as insecure as e-mail.” It is basically like using OpenPGP to encrypt your e-mails while everything else is left in cleartext.
A side note here: OTR and OpenPGP have various disadvantages when it comes to security or usability. For this reason, OMEMO was developed. However, OMEMO is still a draft and only adopted by a small number of clients (and some of these clients do not fully support OMEMO).
If you always use OMEMO or OTR + Tor and Tails, then XMPP still produces tons of metadata and server-side parties can still access the information mentioned above. The issue is that XMPP servers store nearly everything in cleartext, and server-side parties can just increase the log level to see everything. In the case of ejabberd, you can even log user passwords in cleartext (it doesn’t matter if hashing is enabled). This is an official feature of ejabberd, not a bug.
Contrary to this, Signal (only one example) implements other measures to avoid most metadata, or server-side data is always encrypted.
The security features they list (StartTLS, RSA key, DNSSEC, DANE/TLSA) don’t protect your messages or any other data on the server, but only data in transit (e.g., when your data is transmitted from your phone to the server).
Besides, there are many vague statements like:
Your IP address may be logged, but we will delete such logs on a regular basis.
(How do they decide when to log your IP address? “Deleting on a regular basis” can mean that they delete their logs every 10 years.)
(What does “we plan” mean? Do they delete their logs or is this only planned for 7 years?)
(Again a “may” …)