For me, it’s extra attack surface. I don’t know how big of a concern it is with respect to how it’s implemented, however I have high hopes for Proton to continue down the road of approaching an alternative to all of Google services. I would think that the more things are added over time, the more difficult it will be to keep things secure and unbreakable, the same way code that has more and more features becomes harder to think about. Sometimes multiple rewrites are important not just to simplify things but to eliminate points of failure, or ways that it can crash.
It seems that some people like it and want it, though I couldn’t read all of the back and forth, and some people don’t. I’d rather see Proton producing other things such as end to end encrypted push notification services. I don’t know how they would break into that market but it was stated as one of their goals.
I think maybe I just don’t know how it’s implemented and if it’s a separate process that runs on it’s own and gives password access or if is integrated into services and needs to be accounted for every time they add a new product, if it can serve as a back door to decryption by legal order now or in the future.
To quote Andy Yen, “One day, we will be hacked”