by Moru 2460 days ago
The web is _partly_ encrypted in transit. To the point where it hits the closest Cloudflare (or other edge) server. From then on it's often unencrypted the rest of the way to the real webserver.

Yes, it would be possible to encrypt email too but it would involve changing every email client and server there is, and there are quite a few of them. And a public key repository for everyone to be able to find the correct key for each receiving address. Mailing list servers and other group mail would be particularly fun to solve.

1 comments

Given that you mentioned Cloudflare, they actually encourage using Full SSL (Strict), which requires a valid certificate from the origin server to the edge server. You can also get them to issue an SSL cert for you if you don't want to deal with that yourself. It expires in 10 years by default, but can be revoked easily in case of key compromise.