In principle the messages themselves could be E2E encrypted, but the closed-source WhatsApp client could transmit decryption keys to Meta HQ without anyone finding out. As long as the client or the client device is unsafe and not trusted, E2EE is not really effective. Which is why one should always demand a FOSS client for E2EE.