The lesson here is that Proton mail IS secure. The contents of the emails were inaccessible to the provider. Yes, they gave up some info but they made sure that the only info they were able to give up was controlled by the user.
If they didn’t have a recovery email, there would have been nothing to turn over.
The takeaway is to not use a recovery email or at least one that isn’t traceable to you.
I wonder what would happen if the recovery email was another Proton account.