No. Data Downloaded from CDN caching nodes is always verified by the acquiring Telegram application By means of a hash: attackers won’t be able to substitute any files with their particular versions. MTProto uses AES in IGE method (see this, in the event you surprise how you can securely use https://www.mtpoto.com/