To be clear though: by E2EE here I mean browser-side encryption with zero-knowledge on the server side.
Etherpad is still encrypted in transit with https; only the server can snoop.
Cryptpad and other web-based E2EE services can still be completely compromised server-side by serving malicious code to the browser, and practically the user would never know.