I've never tried Proton myself, but I don't understand how you can consider it to be a "secret". It's literally the only thing I know about them: they've established themselves as a "more secure" email provider, and they back that up by abstracting some of the pain points of using GPG, which is a completely unusable protocol for normal people.
If it was some other email provider that did the same, I'd 100% agree. But with Protonmail, GPG is pretty much the entire reason we're all aware of their existence.
What they do for Proton-to-Proton messages is their business, since they own all the fallout from people losing their keys to that, but to just blindly encrypt to a key somebody might or might not still own the private decryption key for is just reckless.
I just tested it myself, and while there is a visual indicator of that automatic key lookup happening, there's zero way to disable it, nor to even verify which key it picked or to display the key hash.
It seems like a terrible solution halfway between convenience/opportunistic encryption and actual security, combining the downsides of either (a high risk of sending messages the recipient won't be able to decrypt and a moderate risk of encrypting to a key other than the expected one).