Nobody knows who runs the Tor Mail service. This is good because nobody can order them to give up information about you. However, it's also bad because you've no idea if it's being run by responsible people, a government agency, wikileaks, or just a few nosy kids. You should still definitely use PGP encryption if you're using it.
Speaking of, has a replacement for firepgp (an awesome Firefox pgp plugin from some years ago) ever cropped up? It was so idiot-proof it was beautiful, and had the project not closed down, I probably would have rallied friends and family to use it.
The problem is that it was not reasonably secure. As I understand the complaint, you can't integrate PGP into an extensible, skinnable interface securely. There's not firefox or OS support for making that kind of thing doable. You'd want to have some sort of OS and app support for being able to encrypt a message in a widget on a GUI layer above the browser and then transferring it in, so that PGP and Firefox never come into direct contact. Qubes OS has a rough mechanism for keeping different security-level apps separated, and identified via a colored window border. I wonder if something similar to this is the correct solution.
I don't think that the problem was that Firefox or the OS weren't secure enough. Afaik the problem was that FireGPG worked inline with the original page, and thus a hostile JS on the page could intercept the plaintext.
I think something like the "It's all text!"[1] addon with GPG enabled editor should be reasonably secure.
It's may be more secure than accidentally messing up because you were cut/pasting into a text box. A 0-day on firefox could extract your key which is bad. So could a keylogger + ftp that was installed via a 0-day on firefox if you were using an external application.
If you're using Thunderbird or mutt, it's really easy and there are several tutorials out there that will be helpful.
If you're using webmail (particularly Gmail), it's easy to do badly, and I'm not aware of a way to do it properly (short of manually encrypting everthing and copy/pasting it).