If something is weak, it is Proton’s knowledge of password strength. For example, they call a 16-character password without special characters “weak,” which has around 95 bits of entropy, so this doesn’t make sense. They also overemphasize the role of special characters in passwords, as just increasing the password length by a single character would add more entropy than enabling special characters. Furthermore, many of Proton’s articles regarding password strength contain a lot of misinformation. This one talking about password entropy might be their worst yet. You cannot seriously claim that a single word, “Bankruptcies,” has 68.4 bits of entropy, which also isn’t the only inaccurate claim that the article makes.
PrivacyGuides has also just recently started to recommend Redlib.
You are right that Proton is currently self-funded by its paying customers, but to be accurate, they have actually taken VC money before.
I think this article by Mullvad explains this well.
According to their privacy policy, they are using both AdMob and Facebook trackers on their other apps, so that may happen to Raivo as well at some point.
Proton Pass has already been audited by Cure53.
The only app that hasn’t yet been optimized for iPad is the Calendar app. Otherwise, Proton has proper iPad apps for everything else.