Look, saying Google might be going a bit far, given that PGP doesn’t encrypt everything about the message, but the sentiment is broadly correct: for security, it is better to use independent, trusted encryption and a deliberately untrusted network service provider, than to trust the claims of benevolence of a network service provider that it provides trustworthy encryption. In the former case, you hold the keys and the Google cannot wrest them from your grasp by any means. In the latter case, the Proton frames it as though you hold the keys, but in actual fact they access the keys every time you do, and could at any point decide to duplicate them.