However, I do know a lot of people that know the founder (Andy Yen) socially and they all uniformly think he's a scumbag. (Doing things like going to car shows with a junker saying that his nice <insert car here> is in the shop, other generally sketchy/manipulative actions.)
Overall, I'd say Protonmail is good at being a hype machine and while there may be some technical correctness in what they're doing, it's not a business you'd want to rely on.
Showing up with a junker with the explicit purpose to pick up chicks. And doing this repeatedly/bragging loudly about it.
On one hand it doesn't necessarily speak to the guy's technical capabilities. On the other hand, I at least wouldn't trust the guy to be principled enough to not pass this stuff over to <insert x group here>. (Especially if it was at the right price.)
But here’s the caveat, no matter how transparent they are or how many white papers they publish, there’s no way to verify what is actually behind the hosted service. If your threat model includes a nation state then anything short of self-hosting would be risky. If your threat model involves getting away from google and trackers then it should be safe bet. For that matter even other providers like Fastmail or Zoho would be a good choice.
September 17, 2018: "Our apps are planned to be open source by the end of the year. Your patience is greatly appreciated."
You can't rely on a company to provide you security or privacy.
Good luck with that. Security that no one uses isn't security at all. Placing those demands on everyone else in your life is going to result in fewer emails, not more secure emails.
Sometimes this is a good thing.
This risk is real even in the hypothetical world were everyone uses ProtonMail, but in the real world you have a bigger risk: most people don't use ProtonMail and the risk of your e-mail being included/forwarded whatever to a "plaintext" service is really high.
I would recommend to avoid ProtonMail and other e-mail services that claim to be secure, and stick to end-to-end solutions like Signal/Wire/WhatsApp.
What are you trying to achieve? What are your goals?