The backend is the real interesting part, and the only way that we can be sure that “they cannot read the emails”

While I’d still prefer it, OSS can’t really help with that because what’s really required here is remote attestation.
That is an unsolved problem to my knowledge; there is no way to know which software they’re actually running. Even if they published the source code, they could trivially apply a patch in their deployment that stores all incoming email somewhere and you’d be none the wiser.

Even if they published source code and could somehow prove to you that they’re running a version derived from it, you would still not be safe from surveillance as one could simply MITM all connections. See i.e. https://notes.valdikss.org.ru/jabber.ru-mitm/.

That’s likely one of the reasons they do everything they can to make PGP accessible to every user.

imap/smtp can be toggled with a warning, if that’s really their concern

It’s plain and simply not how their service works. They’d have to build most of their service a second time but unencrypted.

It’s like asking Signal to build in support for IRC; it does not make sense for them to do that in any way without malicious intent needed.

no IMAP = no easy migration to somewhere else

You have IMAP access via the bridge. That’s what it’s for.