"Doesn't that mean the courts could compel you to just alter the JS payload to capture keystrokes for these folks? If not, how do you prove that to us?"
Swiss law is very clear in stating that this is not permissible, and this can be verified by checking the law itself.
This ignores half the problem and it's telling you tried to slide past it. You certainly can and probably will deliver message content sent from a protonmail account to a non-protonmail account.
I'm not an expert in Swiss law, so I have no idea. I'll wait for a 3rd party I trust to vet your claim.
What's the allegation here? The mail stored on proton's servers is encrypted. If you send that mail elsewhere, it's subject to the security of the receiving server and any intermediary servers.
They are not denying that, they clearly stated it:
> ProtonMail does not voluntarily offer assistance. We only do so when ordered by a Swiss court or prosecutor, as we are obligated to follow the law in criminal cases.
I too am interested in the source. Mostly out of curiosity, here in the US our laws definitely don't exclude things like building in backdoors, adding js payloads, etc (Although a few political lines have been drawn, such as Apple refusing to unlock iPhones, but these aren't written in law, they've been decided in courts and are very wishy-washy).
Swiss law is very clear in stating that this is not permissible, and this can be verified by checking the law itself.