“All security is porous” is pure FUD reasoning and, completely disregards the security audits Proton does to make sure its not anything like LastPass.
Using LastPass as a strawman is not a compelling argument.
OP and You are also assuming if Proton was breached that it means all the user encrypted data would somehow be available to the malicious party which is also extremely unlikely.