The IMAP/SMTP issue is the main one. The stated reason they do it is to decrypt/encrypt incoming/outgoing emails on the client rather than on their servers. But the problem with that is that decrypting emails on the client is well supported by PGP in almost every email client, and even if an unencrypted email is sent with SMTP you can easily add encryption on the fly server-side - something they already do for incoming, unencrypted emails. So the tradeoffs don't make sense, it's just a convenient excuse which allows them to take advantage of vendor lock-in.

They also make promises which are based on trusting ProtonMail rather than trusting the math that underlies their security model - for example, they could trivially store a copy of incoming emails in plaintext before encrypting them normally, and they could then keep your emails in plaintext without you being any the wiser. Users who depend on their communications being private shouldn't rely on this, PGP does not require trust from anyone but the sender and recipient and has been working well for years. If they wanted to improve ease-of-use for PGP they should have done that, rather than building their own crap with questionable security promises on top of it.