No proper DMARC which means anyone can spoof your email address and send spam or illegal content and it’d be marked as legitimate. They also tried to hide this.
They do a lot of things better than other providers like the encryption you mentioned plus IMAP support and not requiring more PII than necessary, but without a proper DMARC, nothing else matters. Just stick with Disroot or one of the PG recommended providers.