Hacker News
by 333c 3071 days ago
Why do you say that? My email provider (Fastmail) supports two-factor auth. Beyond that, I use a long password generated by my password manager. Why am I less secure than a Gmail user?

I think security is much more dependent on user configuration. If my password is "passw0rd" then I'll be fairly insecure regardless of my provider. Likewise, since I have 2FA set up, I'm better off, regardless of provider.

1 comments

That's a reasonable question. You're absolutely correct that security is often highly dependent on account configuration, but Google has invested more into security than any other mail provider and my ridiculous prediction is that their anomaly detection powered by their all-powerful compute network is only going to create a bigger gap there.

For most people, the biggest risk is a troll abusing account recovery or weak 2FA settings to hijack your email account, pivot to other accounts, and wreck your online life. In those cases, you're probably safe w/ a strongly configured Fastmail account (although there have been some recent issues brought to light around Fastmail's account recovery practices [1]).

[1] https://news.ycombinator.com/item?id=15855081