The rsa crate in use is vulnerable to the Marvin attack and potentially other side-channel attacks. This is being tracked and actively worked on.
rPGP and its RSA dependency received an independent security audit and a security analysis.
Hardening Guaranteed End-to-End encryption based on a security analysis from ETH researchers
All discovered issues have been fixed.
Security Assessment of DeltaChat's RPGP and RustCrypto RSA Libraries for the Open Tech Fund.
No critical flaws were found and we have fixed most high, medium and low risk ones.