also a lot of bad practices, like no possibilities for free tier to use imap and smtp. This enforce their first party clients to users where faulty pgp implementations or backdoors of any kind can be inserted; also clients are open source but there is absolutely no attention to reproducibility or good FOSS development practice in general.
Also extensive use of wasm and jit javascript in the login page of webclient that only god know what it does and reportedly leaks infos when connecting trough onion domains.
And yes, in the end is just a "trust us, we are the good swiss people, google bad" narrative, without ANY technical better solution respect what google offers...