If you're looking for a fancy academic whitepaper, here is one example:
An Analysis of the ProtonMail Cryptographic Architecture
Nadim Kobeissi
September 6, 2021
https://eprint.iacr.org/2018/1121.pdf
and the part me & you are talking about is:
Pg 7 of 14.
Section 4.1.1
If you're looking for me to say it to you in raw shit, here it is:
When you use Nostr you have the private key on your device, browser extension or client.
When you use ProtonMail, their web app is unlocking, signing, or generating for you the private key stored via encryption on their server. So there are many ways they can screw with you. Including SOME:
a) serving you bogus code to phish the password
b) telling you the other Proton guy's public PGP key is something else
c) brute forcing you, they have unlimited attempts with no time lock. And your password is weaker than a PGP key.
d) messing with you during registration to begin with