An attacker with access to the unlocked device can read the messages in the app the same way the user does. By just opening the app. The fact that Israeli "hackers" have added a routine to copy those local unencrypted messages off the device isn't news.