You're right that installing the desktop Signal app on your computer opens a new avenue of attack. In particular, it means someone who can get into your computer can get into messages that would normally only be on your phone. And generally, phones (especially Apple phones) are harder to hack than desktop computers.
But then, installing anything that syncs with your phone opens up a potential attack -- have you considered whether you should perhaps not sync your phone address book to your computer?
Meanwhile, purely on the desktop side, using Enigmail isn't going to be any more secure than Signal, and in fact I would guess less secure because PGP is an older protocol that has some real problems and because Enigmail is just a larger and more complex piece of software.
So yes, installing Signal desktop does open up a potential route to get at phone messages via your computer. That may be a problem. But if you're going to use a desktop messaging app at all -- especially one that syncs between your desktop and phone as most do -- it's as least good as anything else.