Give an option to avoid Proton SSO
Using one username+password to access all Proton services opens that entire Proton account to one keylogged login attempt breaching everything.
If I want to log into ProtonVPN somewhere, that does not mean I trust that computer with access to my email, calendar, drive, and so on.
Logging into ProtonVPN, even if keylogged, should only ever allow the attacker to log into ProtonVPN.
This is an all-eggs-in-one-basket situation.
Let people use personal access tokens instead of Proton SSO, created for and bound to one particular service.
1 vote