I read it's not end-to-end encrypted unless you manually set a password for the specific call. 
Any truth to that?