Yes. Setting a recovery email can be bad OPSEC because you can possibly be identified by it.

But that’s not the point. The point is that ProtonMail has access to your shit, otherwise they wouldn’t be able to help you “recover”.