it’s disingenuous to think that users read and fully understand the various permission scopes of a service. “private” has an unambiguous meaning—playing the “well, technically” card falls pretty flat imo.
If Thunderbird had a hosted web version, yes. Are you arguing that data portability and interoperability should never be possible if the receiving app is an online service?
Of course Thunderbird could send an automatic update that starts shipping your emails to Thunderbird's servers. You dont expect that, but only because you trust them.
unless I’m wrong thunderbird software has complete access to all your emails when you give thunderbird your email details. Of course, that does not imply that a specific thunderbird employee can read your emails, it is probably encrypted on that end but if they pull a switcheroo and download all your emails into an AWS instance, yes that might be possible (and probably wildly illegal too)
On Android, when you give a third party client permission to receive SMS, you don’t expect it to have access to your SMS?