Still, the idea is that Proton has everything they need to access your data (your encrypted bits, your encrypted key, and your password you send them every time you login). You have no guarantee that they don’t have something (intentionally or not) that can catch this and extract data about you.
You also (and more importantly) have no guarantee that the Swiss government can’t or won’t force them to implement such systems, and hand over your data.
They already lied about not storing your IP until a judge ordered Proton to produce it for a French national. They have since redacted their privacy policy to say they may store such data about you if requested. They can do the same to get your key.

No matter how, if they possess the keys, it’s not your crypto not secure.

It may not cut it now, but we can’t guarantee it will stay the same within a few years (either faster compute, or other techniques that speed up the brute force)

it will not be a correct key, so you will fail during decryption, but it will take a lot of time to check and may not be easy to automate.

If you have any way to check the key validity offline (for example, you subpoena the encrypted data) then it’s trivial to check and automate.
Of course not everybody is capable of this, but it’s becoming less and less difficult to brute force it, and renting a few hours of GPU time to do it is within the means of small bad actors.

How do they authenticate* you? They just send the encrypted key and if you can decrypt it then it’s you?
If so I can request any account encrypted key and try to brute force it offline

If the key is the same password you use to login, then they already have the key. They may not store it unhashed, but you transmit it to them every time you login. If law enforcement forces Proton, or if Proton turns evil (or gets infiltrated by a three letter agency), they can use it from the auth to decrypt your key and your data.
Plus, a bad actor having access to the encrypted key is free to brute force it. It may be hard but not guaranteed to stay hard forever.

Edit: didn’t realize I was in a Proton fanboy community where you can’t criticize or ponder the service security…

In Belgium, a judge can order you to give your phone password (and I would guess a decryption key too) and not complying with it risks imprisonment and a fine.
So like you say it entirely depends on the local laws. Most of the discussion around Proton here should focus on Swiss laws instead of projecting based on their own local laws

If they (proton) have the keys, doesn’t matter if they encrypted your data. They must have the keys because I can log into mail from different clients and read all emails without having to insert my key.