> But I don't know any way to verify that the data is being encrypted well or sent only to the intended recipient.

Couldn't you say the same thing about Signal? Both parties claim to use end-to-end encryption.

If you don't have a SAS phrase or some other way to aurally verify the other party, you can never be secure against a MITM. Signal does this, while I doubt it's available in FaceTime audio.