Re: By default...
If I could upvote this more, I would. Email is, and always has been, an unsecured plain-text protocol. You might be able to ensure you have SSL between you and your mail server, but then as far as the protocol is concerned, that SMTP server could be delivering the message to the next relay by semaphore, or by shouting it across a busy pub.
If you want to send something securely by email, send an encrypted attachment, don't depend on the protocol to do the work for you. Even then, you have to consider that your attachment in its encrypted form is visible to world+dog, and that if someone wanted to brute-force it they probably could, so a password-protected zip file isn't going to be much use to you unless you like typing in long high-entropy passwords.
Biting the hand that feeds IT
