It's true that if you constrain the problems enough, ratcheting them down to approximately what we were doing with the Internet in 1994 when we were getting access to it from X.25 gateways, you can plausibly ship secure software --- with the engineering budgets of 2021 (we sure as shit couldn't do it in 1994). The problem is that there is no market to support those engineering budgets for the feature set we had in 1994.
That's just about all I use for messages. Some images, but it's not critical. And if I had the option to turn off "all advanced gizamawhatchit parsing" in iMessage to reduce the attack surface, I absolutely would - and you can bet any journalist in a hostile country would like the option as well.
The whole "zero click" thing is the concerning bit - if I can remotely compromise someone's phone with just their phone # or email address, well... that's kind of a big deal, and this is hardly the first time it's been the case for iMessage.
If software complexity is at a point that it's considered unreasonable to have a secure device, then it's long past time to put an icepick through the phones and simply stop using them. Though, as I noted above, I feel this way about most of modern computing these days.
The issue here is that we aren't saying anything about the real problem. You can radically scope software down. That will indeed make it more secure. But you will stop making money. When you stop making money, you will stop being able to afford the developers who can write secure software (the track record on messaging software written by amateurs for love is not great). Now we're back where we're started, just with shittier software.
It's a hard problem. You aren't wrong to observe it; it's just that you haven't gotten us an inch closer to a solution.
From a "I would like it as simple and secure as possible," ASCII does tick quite a few boxes.
Plot twist: extended ASCII?