A lot of SMTP server-to-server traffic is encrypted. But a lot of it isn't, and it only takes one exposed hop. So as a general rule email isn't effectively or reliably encrypted. There's probably also a lot of email traffic being carried over crackable VPN links such as PPTP.
You're certainly right. By "much" and especially in cases involving security, I don't think we can be happy with or report on the system's security with just a "majority" being all that's need to feel safe. In fact, I'd go as far to say that unless approaching 100% and without considering circumstances like those that involve an NSL, all bets are off. Circumstances concerning an NSL are another matter, and that's where we should eliminate the on-the-wire concerns and opt for PGP-like communication.
