Years ago I was in a compliance training class with a large group, and the trainer told a story about a security breach. An employee was having problems working with a spreadsheet, and she was on the phone with a friend of hers. The friend told her to just email the spreadsheet to him and he could fix it for her and she agreed. A coworker in an adjacent cubicle overheard the conversation and reported it through the compliance hotline. I muttered under my breath, "Tattletale," and the people sitting around me looked at me with bemused expressions.
I learned early on in the healthcare industry that email is not secure. We have to comply with all sorts of laws and regulations that govern how certain information is stored and shared. If we do need to email a document with sensitive information, we have methods that can send the email securely.
On the flip side, I hate receiving secure emails. There's always some link where you have to sign in or use a one-time passcode. It's just a big hassle. In fact, most of the time if I get sent a secure email I will ignore it unless I am forced to deal with it. Good thing I'm usually not on the receiving end of secure emails.