Telegram - unless you deliberately take action and opt out of cross-device sync for individual chats - stores all your messages in plaintext on their server. If you want your chats secure, you will need to convince everybody you're chatting with to opt out of cross device sync. Good luck with that.
This is in contrast to e.g. Wire, [a near-future release of] Riot.im / Matrix.org, and (AFAICT) Viber, which do end-to-end encryption by default and cross-device without compromises. The messaging providers don't know anything about your chats there. This is the way it should be.
There are also complaints about Telegram's "weird" cryptography, although nobody's ever shown anything close to a practical attack yet, and definitely not for the current version of their custom MTProto protocol. The core problem is really in their insecure-by-default service offering.
