
If they use the email/SMTP protocol then it's email.

plaintext password does not enter their system. For example I still have to enter a second password for the in-browser decryption (although these days they use the same password). Most of security feels like theatrics, but small measures that add difficulty for a potential threat actor add up.



I think you are misreading my comment: they are the threat actor themselves, tricking users into believing they are better off via Proton.

SMTP does not encrypt messages and they arrive at Proton's inbound relays unencrypted, are scanned in plaintext for spam etc. At this point they can Bcc anything to another relay/account and keep a copy of all inbound messages BEFORE anything gets encrypted.

Access to historical messages? One line of code for logging, and let's not forget GPG does not encrypt the metadata which is readily available. How about FTS indexes, are they also decrypted on the fly in the browser?

Email is complex and not many have the patience to understand the monster behind, but lying about it, as Proton does - I find it just insulting to our profession.

Also "Swiss neutral", this is even more offensive. The Swiss execute US orders regularly.

Translated: https://daslamm-ch.translate.goog/ueberwachungsoase-statt-da...

Original: https://daslamm.ch/ueberwachungsoase-statt-datenschutzparadi...

What we really need instead of such shams is a new mail system that does not depend on trusting providers and especially not a SINGLE provider.



