As has been frequently pointed out, they could choose one account and serve that account a different webpage just once, and harvest their password in order to decrypt all their email in perpetuity. This would be a trivial change that would certainly go unnoticed.
I fail to see how this is any worse than any of their competition, which does server-side encryption. At least with ProtonMail there is the chance of them being caught serving backdoored client-side pages; with server-side encryption you would never know.
I feel like the hate is a case of people thinking not being perfect is worse than being average or bad.
If ProtonMail is billed as a PGP replacement, then people will think it is reasonable to use ProtonMail's encryption instead of 'offline' encryption, when that's not the case at all.