[blueskin_]

>Probably to prevent an attacker from stealing your account, but not to stop them from reading your emails.

Since nothing important goes to them any more and I mainly keep them active to stop them getting squatted for for some highly intermittent email (3+yrs) I might have forgotten, then it doesn't matter much there. As it is, the main attacker where gmail is concerned is google itself, followed by the NSA.

As for other people with gmail accounts, yes, but I'm aware of when that happens and wouldn't email anything sensitive to any gmail(hotmail,yahoo,etc.) account.

[the_af]

The problem is that, as a security solution, having your own mail server and being careful about who you send emails to doesn't scale and it's not feasible in the general case. If you're worried about Google/NSA/spies as the main attackers, I'm not sure hosting your email is the best solution. Yes, it works if you never send email to anyone with Gmail, Yahoo, Hotmail, etc. But that will prevent most normal uses of email. And if you do send email to regular people, then someone, somewhere, will read your emails; that's what they are for after all. And then the privacy of your email is as good as the security measures your recipient has in place.

Same with 2FA: it's a security measure to make it difficult for an attacker to gain access to your account, and one all of us should use, but it's not there to prevent them from reading your emails.

Maybe the overall solution is "don't use email -- self-hosted or otherwise -- for anything sensitive, ever." This will probably work, but is not feasible for most of us.