This would worry me more than drama about one algo choice over another. Encrypting the data at rest (even if it's not perfect) is probably better than letting it sit around in plain text.
OTOH account hijacking is a well documented[1][2] threat.
I don't like the idea that if I set up a secure password and 2FA, someone could call up Protonmail and go "Uh yeah, I use, uh... Hulu? Reset my password please!"
It's a valid concern, though in my case there's no other means to check ownership, albeit a flawed one; note that whether or not I have a valid login password doesn't seem to have any impact on me recovering the password, as I contacted them using the web form support.
I don't think that would have made any difference if someone with a malicious agenda wanted to gain access to my email account.
It all depends upon how much trust my initial answer to the question 'When was your account created' established; I'm 90% sure I have the correct year and 70% on the month (I gave another month as well).
If that answer really did create some trust, then there's something; if not, then I'm quite sure anyone can hijack an account without a recovery email if they are able to guess a few email IDs correctly.
[1] https://www.ftc.gov/news-events/blogs/techftc/2016/06/your-m...
[2] https://www.engadget.com/2016/06/10/hacker-hijacks-deray-by-...