@hugoart, thank you for your time and attention.
Here are some of our thoughts.

as you said, we believe email log-in is a killer feature for multiple reasons. As Citadel.one is intended to be not just a mere service but a whole ecosystem, we envision our users switching web/mobile and Citade.one chrome extension (Metamask/Keplr like but cross-chain) seamlessly without losing any personalized UX. This means that users will have access to the very same addresses, transactions history, contacts book, DeFi Dapps, etc. no matter what platform he or she is using. To achieve this goal and provide this kind of service we need an account-based system. Another point behind email is that Citadel.one intends to become a marketplace for Dapps, and in this case, some kind of feedback/communication channel between users and Dapps developers is required by default.
Considering your privacy concerns, which we fully respect as one of the core ideas behind crypto, you have several ways to bypass this. The easiest one - is just to use ad-hoc email (private, secure, spam even). We recommend using Proton, but other options are viable as well. Again, Citadel.one is not collecting any sensitive data and uses this feature to provide top-notch service for its users only.
Regarding worries that your access to your funds depends on third-party services (like email) - Citadel.one is a non-custodial solution, your funds stay yours as long as you and only you have access to seed phrase (or private keys) associated with those funds. Losing access to your email will not affect funds in any way, as they are stored on a blockchain. To get access to them with Citadel.one you can simply register a new account with another email and restore access by importing your seed phrase / private key. Easy! You can have multiple Citadel.one accounts under different emails and the very same seed.
Summarizing it all we believe convenience benefits overweight privacy concerns, which can be quite easily bypassed by using ad-hoc email. In the future, we have thoughts of introducing an ad-hoc intermediary email. Unfortunately, we can't integrate Metamask and Keplr earlier as we can not move our schedule, which is very tight.
On the bright side, your point is "Keep your seed safe in one place.". But with Keplr and MM, you have at least 2 seeds (in our experience most people create different seeds for different wallets). Add Phantom for Solana, Polkadot.js for DOT, and others, and all of a sudden you have multiple seeds needed to be stored securely (in one place, still fragmented).
Our approach is different. With Citadel.one one-seed you need only seed phrases for all networks, as it is a cross-chain solution. The real value of this approach will be realized at a later stage when cross-chain applications will start dominating the market. Imagine a Zapper-like app generating a complex cross-chain transaction from ETH Uniswap ETH/USDT pool and right into SeFi sETH/sUSDT, as an example. To make this a one-click service (which will require signing multiple transactions on several networks under the hood) cross-chain one seed is the only possible solution.
It always takes time to build trust, but once it's done, perhaps someday convenience advantages will overweight fear, moving costs (perhaps laziness xD), and create a strong incentive to switch from MM and Keplr to Citadel.one.
That's the future we are working forward.
Best
C1 Team
PS We will become open source some time next year. For now we need it as it is not to loose our advantage.