What I'm saying is not that the dangers you mention are not valid but they are related to the processes for resetting credentials, not 2FA per se.ok let see how you will react when someone will impersonate you and gain access to your most private emails. Im sorry but i wont accept it, hence i won't use such service.
what you are saying it same as "the owner of my apartment has a duplicate of my keys, and will give to anyone who ask them showing a letter from me, no problem". Really?
We are not talking about Google but Protonmail...
Google is one company who got it right in hardening credentials reset with their Advanced Protection Program, you lose your u2f dongle, bye bye new logins unless you pass a really long and tenuous process.
ProtonMail could learn from them in that department.
If you want to harden it even more and completely block resetting credentials, that offers a tiny bit more security compared to Advanced Protection, ( as due to the long interval and tenuous process it's hard to get through it via social engineering ) but with the risk of a huge hustle, not being able to ever again access your email.
In any case at the moment they do not have hardened processes around resetting credentials, but if/when they do, I'd expect them to adopt a credentials reset process on the merit of what most of their users deem sufficient for their needs and the inconveniences alternatives may introduce.