[Xylakant]

> It looks like the goal is that you don't even have to trust protonmail.

Sorry to say, but that goal is unachievable with that setup. They provide you with the code that does the decryption. It's a simple thing to enable that code to send back the decryption password and store it on their servers. So every time you decrypt a message, you'd either have to evaluate all the javascript they send your browser, or put your messages at risk.

There's a similar problem with GPG/SMIME implementations: I have to trust the people writing that decryption code, but that's a bit simpler - they can't easily target me directly and the churn is much lower.