Probably because Law Firms arent necessarily computer security firms. Lots of people have terrible op sec. Additionally if you the recipient are on gmail it stops mattering, now Google knows your legal woes.
Exactly, I’d never use Gmail for anything sensitive. Even for just personal emails I use my own mailserver.
(And again, for truly sensitive stuff I don’t use email at all)
Sure even though, as most others, my server supports TLS, having your email not leave gmail at all may be slightly more secure.
Part of the point however was that when either server or receiver is using Gmail, your possibly confidential email content is still in Google’s hands. Using a personal server reduces that part of the attack surface. Still this does not mean I vacate my overall point that email in general is suboptimal from a secop standpoint.
