One of the bold claims of proton is that all your data is encrypted and they can’t see it (not 100% sure how they do it, probably your key is encrypted with your password as a symmetric key? Then when you log in, the client unlocks your private key and then that key unlocks the emails and stuff).
Now, it also turns out that they write the software that uses your key to decrypt the emails. It would be trivial for them to just send the keys back to themselves and decrypt all your stuff.
I don’t think this is a huge point against proton, as AFAIK no one else even offers encrypted email. But nonetheless I would like to see an api and some third party clients.
They should allow that. With gpl, the name is protected and that’s all that matters.