There is, and for a DoD employee to not have sent a document like an SF-86 encrypted indicates a failure to follow basic procedures. Every DoD employee (military and civilian) has an encryption key they can use, and is required to use, for things like PII and many others (which an SF-86 would definitely contain).
Efforts to end-to-end encrypt e-mail have been disastrous, coming down to a combination of human factors and difficulty of coordination - but mostly, people want to be able to read their mail. Sometimes they want to read it from public terminals. Sometimes they lose their phone and still need it to be accessible. Often, e-mails are required to be unencrypted by the mail server for compliance purposes - nearly all financial data has to be archived, and that's often the crown jewels you're trying to encrypt, anyway.
I don't know of a good oral history of PGP, but I suspect if you find one, it'll have the answers that you're looking for.
US DoD has CAC - Common Access Card (commonly called a "CAC Card", but that's as silly as a "PIN Number"). CACs have encryption keys and are used for signing and encrypting email. The data should have been transmitted and stored encrypted for something like an SF-86.