The claim #protonMail is making about employing a "trustless architecture"[1] is extremely misleading.

Their users trust them to deliver client-side code which does what it's supposed to do: encrypt and decrypt mails and share nothing with the server.

The architecture assumes honesty on their part, and it's far better than unencrypted mail for a variety of reasons, but it won't necessarily protect you against a fascist CEO. They can change the code at any time, even on a per-user basis, and you probably wouldn't realize it.

They have a good reason not to betray this trust, because getting caught would ruin whatever credibility they still have, but it is far from being "mathematically ensured" as they claim.

[1]: https://mastodon.social/@protonprivacy/113878954898251761