I’m surprised this article doesn’t mention privacytests.org by name, but it reaches a conclusion that may as well:

If you see a dumb checklist trying to convince you to use a specific app or product, assume some marketing asshole is trying to manipulate you. Don’t trust it.

Thankfully there’s a good recommendation in the very next paragraph for all things (messaging apps, browsers, etc):

If you’re confronted with a checklist in the wild and want an alternative to share instead, Privacy Guides doesn’t attempt to create comparison tables for all of their recommendations within a given category of tool.

Also: shots fired at XMPP throughout, as the poor protocol limps along trying desperately to catch up to the encryption baseline that was set over a decade ago by the first versions of Signal.

Ultimately, both protocols are good. They’re certainly way better choices than OpenPGP, OMEMO, Olm, MTProto, etc.

Why OMEMO is “bad” is indirectly answered earlier:

The most important questions that actually matter to security:

• Is end-to-end encryption turned on by default?
• Can you (accidentally, maliciously) turn it off?

If the answers aren’t “yes” and “no”, respectively, your app belongs in the garbage. Do not pass Go.

Similar discussions have skewered the federated Delta Chat for having an even worse version of this issue.