I'm not impressed with that argument against Tuta. They had a very compelling response to this and there's no evidence for any of it.

You can literally audit and build from source the software. All the encryption is happening client side, transparently... Tuta wouldn't even be on my list of options for a honeypot if I were an attacker looking to create one.

Spend more time reading and learning before promoting misleading and harmful information.