I have some quite sensitive photos, I have 2 places that I often store:
ThanksGoogle Photos by a very large margin. Google and privacy is a very different story but there is no doubt that Googleās security is among the best in the industry.
Happy to know that. And I think it is a PLUS if I store sensitive photos into Secure Folder inside GG Photos, right ? 
Not really. Google is always keen to comply with government data requests since they have big contracts with dozens of governments around the world which they would rather not lose. Now, if you have a great front door but an open window next to it youre not very secure, are you?
If I understand correctly that folder is simply not syncd to the cloud, meaning the contents stay only on your device. Be mindful that google can see anything you store in google photos, except said secure folder but thats simply because its contents arent being uploaded to their servers
You are mixing up security/privacy/anonymity. Googleās corporate politics are something different than the implementation of good IT security practices.
[citation needed]
It syncs to the google cloud
Those dont exist in a vacuum, theyre often intertwined. If personal sensitive data is not private and its whereabouts unknown, then by definition its also not secure.
Now, whos mixing up things? From Googleās viewpoint the data they hold is perfectly secure, they know who theyre sharing it with and do so mostly on their terms, theyre not being hacked on the daily for sure. From a userās perspective its a whole different story
No, not at all needed. Broadly available knowledge does not need sourcing. Still, Ill indulge you, you seemingly never heard of PRISM: https://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html
This is me being nice to both of us and avoid having to explain all the different cases here in Portugal that were made on the back of data provided by GAFAM
It used to be offline only but pparently they now also do sync it: Google Photos now lets you sync your 'Locked Folder' private photos across devices | TechCrunch
Still, it only password protects access to it on your devices, people with physical access to your devices cant see it without a password. Google still can
You are literally quoting the event (from 2013) that led Google to considerably tighten up their security and encrypt everything.
Thereās also no need to get personal and combative, please take note of your forum rules: FAQ - Privacy Guides
As mentioned, you can look up all the nonsense that is going on at the moment here in Portugal. All due to whatapp chats courtesy of googleās drive
I dont think I ever got personal or disrespectful. If some nuance in the tone of my comments has bothered you, my apologies. Ill leave it up to you whether its in keeping with the spirit of the rules of this forum to call out people for some discoursive nuance you find disagreeable when theyre writing you in a language thats foreign to them: āPlease avoid: Responding to a postās tone instead of its actual contentā - FAQ - Privacy Guides
They canāt be super sensitive if you feel comfortable sharing them with Google, let alone telegram.
Google is about the worst place to store this with all kinds of scanning and flagging they do on your documents.
You probably want to look at https://ente.io.
So telegram is a better place, right ?
Telegram is a terrible messenger. Maybe have a read on the website?
Telegram is unencrypted by default and the āprivateā chats use a not so well designed encryption protocol.
You basically make us choose between a terrible invasive ad company that doesnāt give a damn about your pivacy and a sketchy messenger that utilizes faulty encryption.
Telegram is not even properly secure, see: Telegram (software) - Wikipedia
Plus they too answer to government requests, like pretty much every other company.
Can I ask for your advice on a storage location?
You can use basically any cloud storage if you encrypt your data first, e.g. with Cryptomator. This way they only get some limited metadata, e.g. when you uploaded, from where etc. If thatās important to you too you can use Tor or a VPN.
Cryptomator aināt free, right ?
The desktop version is.
I use Storj as my main cloud storage that I sync everything to. Itās a decentralized cloud storage which both the client and server side codes are open sourced. All your files are encrypted and split across many nodes. Also, you donāt lose the ability to share your file with others via the web interface.