I guess so, but that's the same situation as it is with any other email provider (yahoo, gmail, etc). The difference here is that you are only trusting Pluto. With other providers, you are trusting the provider and all recipients, whether they are an intended recipient or not.
In short, there is no free lunch, but this seems like a decent solution as you only have to trust one entity. Its up to us (potential users) to decide to trust them or not.
Indeed there is no free lunch and until email end-to-end encryption is widely supported, the unencrypted content is going to be stored somewhere. Pluto has an easily accessible eliminate option that deletes all copies of the email from our servers (and given the way Pluto works, also the recipient's access to the content). You can click “Eliminate all emails” on the top right signed-in home page to eliminate all emails or you can do it on a per-email basis by clicking “Eliminate Completely” in the top left of an email details page. We also support an auto-eliminate setting that eliminates an email from our servers upon unsend or auto-expire.
In short, there is no free lunch, but this seems like a decent solution as you only have to trust one entity. Its up to us (potential users) to decide to trust them or not.