When a user sends content to another user, they will assume that only the true owner of the user's account will be able to access it. If someone else gains access to a user's account, they can impersonate them, see their communications, and send misinformation to other users.
User access to the service should be authenticated to ensure that only the intended users can access communications.
The device used to access a communications service will process un-encrypted data and may store user account credentials and historic communications content. If someone were able to gain a privileged status on the device, then they may be able to access the application (or its data store), which could allow them to impersonate the user (or access communications content).
Devices should be appropriately configured to protect against unauthorised access to the user account, and ensure that communications are kept private.