I'd say the problem of PGP and email is that it suffers from a "90% of features is good enough" mindset that is prevalent in open-source (which otherwise isn't a bad thing!)

But when it comes to true security, 90%, or even 99%, is so far from "good enough" as to be pointless.