Proton exposing email with Simplelogin if attach public key enabled

I’ve turned signing the emails and attaching them off in the meantime until I get more information. while I think it’s cool realistically I haven’t found anyone who wants to use PGP with me and those who would already have a proton account, lol. Frustrating that this is the case though and I didn’t know about the API either, thanks for that. So in that case even if you were just signing the email vs attaching the key it can be matched via that API if you had some emails to try? A lower attack surface but wild to me that this is a public API