Option to delete (encrypted) private key from server (use browser storage instead)
The encrypted key is stored in browser storage and only transmitted to the server at the request of the user (or at least he has a checkbox somewhere to not upload it). As long as the key is on the server, the user can download it (= log in) to new clients (like it works now). If the user has set up all his clients, he can request that the key be deleted from the server (he should be advised/forced to download a backup copy then). Actually, ProtonMail could basically stay the same for most users. You would just give some users the option to delete the server key, thus eliminating the scenario of brute-forcing the mailbox password. Usability would stay the same for the user once all clients are set up.
InvMail (formerly LavaBoom) lets one optionally keep one's private key local, i.e., never synced to the server. ProtonMail could totally take a step further in this kind of zero-knowledge direction too, and not just with the Web app. For the mobile apps, ProtonMail could let us keep our keys local there too by, for instance on iOS, letting us sync our private keys to the iOS apps via iTunes, just like one can sync a .kdb file to an app like MiniKeePass, or VPN profiles to an app like OpenVPN, etc.