[mcv]

Unencrypted sensitive data in an email is a really bad idea. I hope they never do that.

Although what I would really like, and think is long overdue, is an extension to email that normalises encryption and sender verification. It's ridiculous that email can be spoofed like that. (The same is even more true for phone numbers.)

[pocksuppet]

Is it really? Who can read it today? Your email provider and theirs? Gmail won't deliver messages without TLS any more, so everyone supports it or they're effectively kicked out of email.

[floam]

TLS just encrypts the IMAP / SMTP sessions, no guarantee it’s stored encrypted, let alone end to end