that FAQ is accurate but (rightly) doesn't cover high-security deployments.
if I'm running the bridges local-to-the-client (I am, on my McBook) it's not meaningfully any less e2ee. encryption happens in the matrix client (running on the laptop), the encrypted message is sent to the homeserver on localhost, the bridge (on localhost) grabs the encrypted message and decrypts it, then the bridge re-encrypts it and sends it to Whatsapp (or wherever). the content of the message is as secure over the wire with this approach as using first-party apps directly
if one hosts their own bridges they're person-in-the-middling themselves and should take all the necessary precautions. if they're using beeper's hosted options they have to delegate read/write ability to beeper (though I think the signal and imessage bridges might be device-local), and beeper is clear about that.
