And in that case, you can surely run your own Nylas sync engine server alongside it. Which still adds no new security issues with using Nylas.

This comment made me smile. Mostly because it threw a new a new light on what I was already thinking; self-host (love how my phone assume I mean "self-hatred", not "self-host", btw) the whole stack, and avoid new security issues that come with forced hosting in hostile jurisdictions.

But take a new daemon that talks a cross product of tls/ssl and three(?) protocols, is supposed to parse random emails, expose it to the Internet - and claim "no new security issues"?

Oh, how I whish that could possibly be true.

It's reasonable to point out this, true. But in the scope of the parent discussion, it was about NSLs from hosting in countries with compromised providers. If you are running your own mail server, you have mostly the same security issues you need to zealously guard against, wherever you put it.