If the fingerprint for proton.me (cert chain) been changed. Eg many companies unpack and repack the tls packages and self sign the packages before sending it to the client.
It is great that Proton pass notice this, really awesome, maybe the only password manager that check this?
However instead of just hang the win-app, perhaps ask the user if this is OK and allow it. I mean there is a valid root cert in the store that is approved by me.