The backup is secured with "a strong key", implying that all PFS guarantees go out the window regardless of the PFS algorithm used to send the messages in the first place. Signal had great guarantees by how they both enforced a single client and was limited largely to screenshots as backups, now you'll never know if the person you're talking to has a full backup in the cloud, with metadata to match the actual conversation times, destroying the repudiability (i.e. plausible deniability) feature.

Whats to say they didn't take screenshots of the conversation that got backed up to Google Photos or iCloud anyway?

I dont think this changes anything, in regards to a malicious(/incompetent) recipient.

Screenshots can easily be forged.