I can't agree with your first paragraph. It's a small breach of trust if I send mail to an innocent domain and it ends up on the servers of an advertising company where it is scanned for keywords without my consent. Remember that you agreed to Google's terms of service, but the persons that send mail to you did not.

I'm grossly exaggerating now, but if we replace gmail with IRS, I'm sure that most people would regard the forwarding as a big breach of trust.

You say that a lot of people could read the mail while it is in transit. This is of course true, but a student running ettercap or a sysadmin grepping the mail queue would face criminal charges. By scanning inbound mail from third parties, Google is operating in a legally dark grey area.

I'm not aware of other webmail providers doing the same thing.

Regarding Google apps:

If I find out that a company uses Google apps, I would probably take my business elsewhere for the same privacy reasons.

Interesting that Google feels the need to use non-google.com domain names for handling the mail of apps customers:

dig -t mx salesforce.com

salesforce.com. 300 IN MX 100 salesforce.com.s8a1.psmtp.com.

whois psmtp.com

Google, Inc.

Perhaps I am old-fashioned, but an honest name would be e.g:

mx12345.apps.google.com.

Okay, I understand your objection, and I think we're going to just have to disagree on that one.

I'm actually curious about that psmtp.com thing, I remember setting my mx records to point to something that shouted "yes, I use Google", maybe they have some separate arrangement? (I dug a bit, and my MX is: ASPMX.L.GOOGLE.COM)

AHA! I looked into it a bit, psmtp is actually Postini, which Google bought. I assume they use psmtp for corporate accounts that need better um. something.

So blame postini perhaps ;)

Yes, you're right. Perhaps Postini does not scan, in which case it would be ok to keep psmtp.com.