Security is not absolute. There are many different types when we talk about email:
1. Encryption in transit - Yes, indeed unencrypted SMTP is common. SMIME and GPG are not as common as they should be
2. Encryption at rest, server side - 99% of providers don't do this
3. Account security - supporting MFA, u2F etc
4. Application security - If there is an official application, does it store saved mail property (ie, not in a big dumb PST file)
So yes, somebody could sniff some plaintext SMTP email regardless of your provider, but the other features are very valid and important.
