by cge
1487 days ago
Proton's major draw, in my view, is the storage being encrypted and not accessible unencrypted to the server, not the transmission and emails to others. While it does do relatively convenient PGP encryption to other ProtonMail users (and annoyingly inconvenient PGP encryption to others, when I've tried), these are rather limited in scope, because of the limitations on recipients. If your concern is a major state-level actor, able to spy on every recipient/sender you're communicating with and generally tap emails being transmitted, yes, Proton offers little protection, and email is insecure. If you're worried about a data breach or targeted attack compromising your stored email in its entirety, however, it does. These are more feasible for smaller-scale attackers, and in getting an entire, potentially complete history of your emails, potentially offer something more than just spying on one email. I'd speculate that targeted attacks are more often client-side, usually trying to steal credentials from the user, but at least the user can be careful about these. Having all your correspondence stored and readable on a server that isn't under your control means you have to trust the security of the server much more than you would with this type of encryption.

If the recipient has set up Web Key Directory for their key, the encryption looks just like for a Proton recipient (transparent key fetch in the background). And WKD is quite common and easy to set up (e.g. all major Linux distros have it).