The bridge does the decryption using credentials you give it locally.
Are you reading what I’m typing? I just described the full process they do on their apps and what can be done over IMAP to give you the same level of protection that Proton offers.
Besides, Proton doesn’t even provide zero access. In Proton there’s a bunch of data like e-mail headers that is NOT encrypted at all and they say it:
Any generic IMAP/SMPT provider + Thunderbird with PGP provides the same level of security that Proton provides, assuming they didn’t mess their client-side encryption/decryption/key storage in some way. PGP is making sure all your e-mail content is encrypted and that’s it, doesn’t matter if it’s done by Thunderbird and the e-mails are stored in Gmail OR if it’s done by the Proton bridge and the e-mails are on their servers, the same PGP tech the only difference is the clients.