Because it's closed-source, you have no assurance the client and server are not juggling SSL keys and allowing a MITM attack to be performed at the request of a subpoena.
An easy step to credibility would be to publish their server's API and allow third-parties to implement their own mail client apps. Then they become a cloud service provider and leave the app development to others (in addition to a feature-poor POC app developed in-house).
Finally, not to beat a dead-horse here, but this phrase isn't confidence-building--
"By using open source encryption libraries, we can help guard against back doors designed to compromise your privacy."
No guarantee against back doors. They're just helping to guard against them.