There's so many organisations moving away from it though. Email password recovery yes. But really, what does Proton's E2EE add to this? The email is still sent unencrypted across the internet. And only gets encrypted when it gets to their mailbox. It's not as if someone could easily break into gmail either. Unless they know your password but then Proton is just as vulnerable.
I just consider their "Security" window dressing to be honest. It totally ignores the gaping wide problem and fixes only a tiny pretty irrelevant part of it.
Many emails aren't sent unencrypted any more — just not E2E encrypted. It's harder to stop an active MITM from downgrading the connection, but the bulk of non-spam messages to my server come in with TLS. And while it's not going to be possible for most people, I have pinned most of my larger destinations to require TLS with a suitable certificate, so I can have confidence that my outbound email won't transit the Internet unencrypted.
Obviously if you're a client of a big hosting service that you don't trust then E2E has value. But that's not the whole problem, or the whole solution.
I get password reset links for pretty much every website on email. Few things as sensitive as that.
I also receive and send documents, signed or for signing, with pretty sensitive information, over email.
I agree it shouldn't be used for those but it certainly still is.