Why not XMPP?

I see almost everywhere XMPP is good, secure, etc. And I personally love how it works.

But it’s not recommended on PrivacyGuides. Is it because it’s not easy for beginners or is there a security flaw I missed?

The main reason is there is a massive difference in quality of clients, and what XEPs they support. Many actions are not E2EE, and it really depends on what client you’d be using.

The protocol itself was never really designed for privacy, and a lot of those features have been shoehorned in afterwards: https://web.archive.org/web/20211215132539/https://infosec-handbook.eu/articles/xmpp-aitm/

This was our previous reasoning: