Reached for comment, a spokesperson for Telegram disputed that data is stored in plain text on the company’s servers, saying “everything stored in Telegram’s cloud is securely encrypted.” The spokesperson also said, “This kind of FUD is not surprising, coming from a minor competitor (and typical for this one). That said, we can confirm that we have neither developers, nor [servers] in Russia and we don’t see any of the mentioned risks.”
Okay, so, the spokesman said, a. No Telegram developers are in Russia, and b. There are no Telegram servers in Russia. Pretty straightforward, right?
...Except that's not what Marlinspike said at all. What they actually said was:
Every msg, photo, video, doc sent/received for the past 10 yrs; all contacts, group memberships, etc are all available to anyone w/ access to that DB
Many TG employees have family in Russia. If Russia doesn’t want to bother w/ hacking, they can leverage family safety for access.
The Telegram spokesperson didn't actually address any of the claims made by Marlinspike. They didn't even talk about having a database that stored messages, and they strawmanned the argument about how Russia could gain access to said database. It's not the FSB knocking on a developer's door demanding access to the database; it's the FSB calling a developer and letting them know that their uncle is in custody, and something bad might happen if they aren't given the access they're asking for.
Seriously, don't use Telegram for anything that needs to be secure.