I can second this, and I'll add that other corners of the bureaucracy also like Signal. From my POV, the interesting part is that the CIA has incorporated Signal into SOP, rather than it being an ad-hoc thing.
It's probably a matter of pragmatism. People are gonna use instant messengers, might as well recommend the least bad one. I've seen it in corporate environments too. If you have locked-down workstations, there's usually some list of free software that isn't officially supported, but doesn't require special approvals.
Yes, the scandal here is not just the questionable security. It is also clear intent to circumvent transparency laws which suggests they may be intending to hide the breaking of other laws.
Using signal with auto deletion is illegal. Creating a fork of Signal for CIA (or whichever) use and then deliberately not removing auto-deletion is really illegal. I think that's the thought process, at least.