I wouldn't trust someone else to host my email ID. Get yourself your own domain at porkbun.com, make sure it's a .com or at least a very reliable TLD that won't be going anywhere, and then setup proton to point to it.
You are no longer locked into any one provider :) You can always transfer your domain and you can always transfer your email host.
I recall a blog post where an attacker got access to the blogger's domain through a social engineering attack on the registrar, and subsequently got access to their emails.
I'm curious if anyone knows the article I'm mentioning and how to prevent such an attack. I couldn't find the article back.
If the social engineering can get past 2FA, then the only options you have are
1. The registrar has offices in your country, so you can take legal action against them. Of course, this also means that your despotic government can force the registrar to ban you, etc.
2. The registrar is not in your country, so you depend on their benevolence to reverse the social engineering.
You are no longer locked into any one provider :) You can always transfer your domain and you can always transfer your email host.