1) Using services like gmail & yahoo email (perhaps others too), the network connection from your PC to the correspondents inbox is encrypted. You can see this by looking at the port number being used in your email client software ( if you're using a web browser interface, you can't see it). Port 25 is normal clear text and port 995 is SSL encryption.
2) The problem with (1) is the message (and attachments) are stored in the inbox as clear text files. That allows them to be captured in every pop server backup and to a lack of privacy if the staff gets to poking about. You need something like a third-party PGP service - - see this article.