| Secure against what? E-Mail is insecure.
There are different kinds of login. The most common types are to pass the name and password as either plain text or base-64, which is easily deciphered, on a non-secure connection.
It used to be that anyone could send an email without authentication. That was only needed for receiving. Later there were minimal checks. For instance, some ISPs used to check that email was at least coming from their network.
That was changed because of spammers, mainly, rather than security or privacy concerns. Over time it's become standard to require login for sending and now it's becoming common to use SSL and encrypted passwords. There's also a push on to encrypt web traffic in general.
But I wouldn't argue with your point, especially where GMail is concerned. While a secure connection might save your email being hijacked while hanging out in Starbucks on their wireless connection, even with all possible security there's still Google reading your email, claiming co-rights to your email and retaining copies even if you delete them, all *as part of your alleged agreement with them*. That means your email is also available to any employees with access to Google servers, and probably to the NSA. It also means you've given implied consent to the notion that you don't care and don't expect private email. (That's the argument that Google likes to use legally: You can't complain because you have no reasonable expectation of privacy, because Google is dishonest and everyone already knows that before they sign up. It's sort of like, "Of course I robbed him, your honor, but he gave me his implied consent by letting me into his house to fix the drain. And he agreed to that on page 17 of the liability disclaimer he signed before I did the work."
There was an interesting analysis of expectation of privacy awhile back:
formatting link
The gist of the idea being that one's expectation of privacy, in a legal sense, is affected in part by one's expectation. If we don't make an effort to keep email private, through lack of security, use of corporate webmail, etc, then we could lose the right. In other words, in a way, Google's logic is correct: Anyone who trusts Google should have known that Google can't be trusted. Therefore, if you use GMail you've already agreed to let Google rob you. And by extension you've agreed that the NSA, Google's business partners, and any Tom, Dick, or Harry, for that matter, are doing nothing wrong in the simple act of reading your email. You "left it out on the table", so to speak. Maybe you didn't mean to, but you should have known that anyone could just break into your house and look at what's on the table. :)
The NSA has been trying to use the argument that Microsoft should give them access to customer files on their European servers with an even more far-fetched claim, which is that customer files are not private property but are, rather, Microsoft business records, which the US govt has a right to access. There's already some precedent for that, in a sense. If you get arrested and the court gets a warrant (or subpoena?) to access your GMail, they'll demand it from Google, not from you. So where *is* your ownership?
Arguably one of the greatest threats to privacy is the glib and lazy pronouncement by many people that, "Hey, there's no online privacy anyway, so there's no point in worrying about it."