I use Proton as well and it’s been great, but setting up their bridge for IMAP access in a way that worked for my setup was needlessly annoying (run on a headless server and access it from other devices within the network and docker containers on said server).
I would never expose it outside my network. The password used for authentication is too easy to brute force. If you really want to access it from anywhere, set it up for access within your network and then maybe use a VPN tunnel for devices outside the network. But anyway, setting up local access is problematic because it binds to localhost and gives you no option to change the binding address. There are several ways around this:
0.0.0.0 1142 127.0.0.1 1143
(bindaddress bindport connectaddress connectport); last step was to set it up as a systemd service.I went with the third option and it seemed like so much hassle for such a simple requirement, honestly. If you decide you want to do this, feel free to ask for my configuration files.