That could be true but only applies to people subject to the American legal system, i.e. those with American citizenship or living on American soil.
For the other 96% of us, the American legal system offers no protection whatsoever, as far as I'm aware.
This deficiency is not true of all jurisdictions. As far as I can tell from reading articles 1-3 GDPR, the GDPR applies to all processing that takes place within the EU or on behalf of an EU entity, regardless of whether the subject of the data is a citizen or resident of the EU. Same goes for the Swiss data protection act [0].
So as a non-American, I have a choice between services located in a country where I have no legal rights and services located in countries where I do.
This is also all from a security point of view. From a privacy point of view, I know that American companies have essentially free reign over the data I give them. They can monetize it, sell it, train machine learning models with it or do whatever else they please, regardless of whether they have my explicit consent.
Other jurisdictions have privacy protections, so I know I have some basic level of privacy if I choose say a German email provider, while I know I have essentially none if I choose an American one.
Really, as a non-American, I see no reason why I should treat American services as being any better than say Russian or Chinese services. I'm happy to listen if you have any compelling arguments though.
[0]: https://www.fedlex.admin.ch/eli/cc/1993/1945_1945_1945/en
