ProtonMail's encryption and decryption all happens inside the browser. This means it's probably very easy for any encryption expert to audit the code and see if, for example, PM is surreptitiously including their own public key in the list of intended recipients.
The catch is that this code gets served up fresh every time you use the service. Assume, for example, that ProtonMail is secretly run by a celebrity gossip rag, and exists solely for the purpose of collecting private details about famous people. It would be trivial for them to serve perfectly secure, normal javascript to all users by default, and serve a slightly different set of code to selected targets. This would be very hard to detect.
How would you know if the code had changed since a trusted expert had done an audit? (For example, is there some ready way for typical users to verify the checksum on a particular site's javascript?)