From what I gather
Pros
1) End-to-end envcryption
2) Do not require email or handphone number for verification during registration/sign up. Threema will generate an ID for its user so 100% anonymity is guaranteed.
3) The "read"-indicator and the "is writing"-indicator can be turned off for better privacy
4) Pay once for a lifetime license
5) After being delivered, the messages will be deleted from the Threema servers
6) The private key can be encrypted using a passphrase
7) Threema uses only permissions it really needs to work. The camera and microphone permissions are outsourced to separate plug-ins.
8) Address book synchronisation is optional
9) To ensure maximum security, both the connection between the app and the servers and the one between the parties communicating with each other are encrypted separately. The former is especially important as anyone capturing network packets (on public wifi for instance) can’t figure out who is messaging to whom.
10) Threema provides forward secrecy on the network connection (not on the end-to-end layer). Client and server negotiate temporary random keys, which are only stored in RAM and replaced every time the app restarts. An attacker who has captured the network traffic will not be able to decrypt it even if he finds out the long-term secret key of the client or the server after the fact
11) Users have total control over key exchange with encryption and decryption staying on their device only. The server operators or any other party are therefore unable to decrypt messages.
12) You can purchase Threema from its webstore (NOT Google Play Store) to avoid using Google Cloud Messaging (GCM) when it comes to push notification. Under settings/troubleshooting you can select Polling and Polling interval (5/15 out of 30 minutes). Threema will then poll the messages from the server just like IMAP polling without push. Messaging services using GCM for their alerts means Google can know when and who the messages have been send from/received.
13) The servers are located in Switzerland
Cons
1) Except for the encryption the rest is not open source. However, its source code has been independently audited
2) Another issue is when you have created a group but at a later stage you want to switch devices. Since the encryption happens on your device only, you won’t be able to continue with that group on another device. Even if you switch your identity over to another phone (this option exists), it still won’t help.
3) Messages do NOT self destruct on recipient devices. Some says this feature is useless since the recipient can always take a snapshot of the message on its device before it self destructs.
Threema — Secure Messengers.. or not so secure? Part 3
Reasons for using Threema [EN + GER] • r/Threema
Why I cant recommend Threema • r/Threema
I just learned about threema. Why should I use it over signal? • r/Threema
A comparison of Threema against other secure messengers is done here
Secure Messaging Apps Comparison | Privacy Matters