I've been following the development of the Tox project since it first started on 4chan's /g/, and I've been sceptical of it from the very beginning. The first issue was that there was no need to reinvent the wheel. Retroshare exists, it's a mature project, it does videochat already among other things, so why not contribute to it or fork it? Jitsi and Pidgin are other alternatives to Skype that do everything Tox does and more. Then there was the fact that the Tox team started hyping it long before they had something resembling a working program, another red flag right there. Then there were serious doubts about the ability of the developers to implement encryption correctly. Then there was developer drama. Meanwhile, development was slow, very slow. It's just been one misstep after another for Tox. The other day I was checking 8ch's /tech/ catalog and there was this story about the "mismanagement" of the foundation's funds. Some guy took out $3k to pay for his college tuition fees or something, and didn't even bother telling the others until he was pressured into doing so. Hilarious! Tox is a great example of how not to run an open source project. Everyone who has yet to abandon this sinking ship should do so already.
So is Retroshare actually secure? I have no idea if Tox is/was, but I've been under the impression that our best hope for secure communications between ordinary people is https://whispersystems.org/
To answer the question: We don't know for sure. As far as I know there hasn't been a recent independent security audit of the software. Secondly, Tox will exists anyway, but its community seems to be pretty annoyed of problems going on behind the scenes. And also, I personally do not consider your choice as very secure, as it is closed-source (or prove move wrong?) EFF published a list of nearly all IM tools and listed up their security and privacy, so I would like there for a new instant messenger that suits my needs.
Looks like WhisperSystems does open source though: https://github.com/whispersystems/ The main concerns I have with regard to security software for the masses are: - It's seriously difficult to get crypto right. You need to be a true expert to produce genuinely secure software. - Most of the people who can get crypto right are a bunch of psychopaths selling their hacks to spy agencies and governments around the world, i.e. (other psychopaths and) exactly the people that should not have them. - It's really difficult to make security software accessible enough for mass adoption. As far as I can tell, WhisperSystems is the closest to pulling it off despite the problems.
Yup, certainly it can be (very) hard to build stable and secure software, especially when the cryptography on which it depends isn't as secure as it's considered to be. And the only way to trust the software by 100% is to make it with your bare hands - which requires: a lot of time, a lot of motivation and also a lot of money. And thanks for the Github link. I didn't searched for it at all (sorry for that), and it looks like a nice thing.