The problem with "secure email" providers like ProtonMail (and GhostMail), is that they are "end-to-end encrypted-kinda-sorta-not-really".
Problem 1 - Your private key is not yours
They say it "stays in your browser", but they cannot guarantee that. There are multiple scenarios where your private key would leave your browser and get sent to their server:
Problem 2 - Your friend's public key is not theirs
Their server sends you the public key for your friend. How do you know it's actually your friend's and not theirs?
Neither GhostMail nor ProtonMail belong on this list.
Also, this is nonsense (from here):
No. That is not forward secrecy.
Stay away from all of this nonsense folks. If you want GPG, use GPGTools, Enigmail, or Mailvelope.