so... a bunch of twilio employees had (and still have) exactly the capability that the attackers gained with this phishing attack. As do employees of Signal, Amazon, and various telecom companies, not to mention governments.
"Secure messenger" and "requires a telephone number" are not compatible concepts.