Good day,
While what you’ve said is reasonable and something I very much agree with, the thing is that we currently have Riseup on our E-Mail page as well which is hosted in the US, not Switzerland and doesn’t make their entire source code open.
Being hosted in the US (at least for me) is a far bigger security issue then anything you might justifiably level against Protonmail, at least in my opinion. Also, they still haven’t stopped tweeting about birds which is concerning: https://twitter.com/riseupnet/status/818846905270751233
Actually already has been implemented, though shouldn’t be used, as even if their open source code appears clean, whether they don’t deviate from their source on their servers is unknown.
Then again, if security really is the main goal, hosting a mail server yourself is the best solution. Making it secure isn’t hard anymore too, as like mentioned before, PM has made their source public: Proton Mail · GitHub
Have a nice day,
Ego