Re Signal and Javascript, Signal offers its code in a signed binary, and
offers the source to that binary for anybody to build and check.
Signal offers source, but given that it's distributing binaries via app stores, there's really no way to guarantee that the binary matches that source code. Open source is great (Expensify.cash is as well), but still requires that you trust the party giving you the binaries.
I don't see your argument here. The only reasonable way to sell something on an app store is to distribute a binary. Meanwhile with the source available, people can build their own clients, and share them via other channels.
Sorry, I failed to notice what you were responding to. Here is information on signal's reproducible builds: https://github.com/signalapp/Signal-Android/tree/master/reproducible-builds You actually can verify that the app from the play store is the one you have the source to. I am not a cryptographer and have no college degree.