Chris Adams
07-29-2003 02:17 AM ET (US)
HenBen - my point was simply that strong crypto is a lot easier to use than it was in the past. Yes, many webmail providers don't do SSL yet. The solution is for them to spend $50 on an SSL certificate and get into the late 90s, not for us to go around making our wireless networks less reliable and harder to use. Programs like ettercap make it very easy to sniff passwords even on switched networks, so I tend to see the use of an unencrypted protocol as a security nightmare waiting to happen. It's much better to check the "Use SSL" option on the server and clients and avoid that whole class of problems, even if it does mean reminding a security-naive admin that this is a Really Good Idea which they should set up soon. Otherwise you end up with the "crunchy shell, soft chewy inside" network which significantly amplifies the damage from the inevitable worm, disgruntled employee, trojaned desktop, etc.
Some of this may be colored by my job as an admin in an academic environment - you don't even want to think about trusting campus networks - but I think it's increasingly necessary elsewhere, too. Things like HIPAA really raise the risk of continuing to do things the way we did a decade ago and the general trend is towards more accountability and higher fines for inadequate security.
As far as file sharing goes, it's probably not that hypothetical GP's biggest problem (far more data seems to leak from Outlook worms and careless/dishonest employees) and they arguably should be encrypting the files directly but there's an easy solution which requires no client-side software: WebDAV over SSL. Windows and OS X users can interact with it just like a normal file server and it's completely secure (OS X users arguably don't need this as 10.2 uses SSH tunnels for AFP networking but it's nice to have the option). SFTP is even more portable and the GUI clients are quite easy to use these days. Sure, it requires learning a little bit but that's a requirement for most jobs these days - smart business owners are not going to be that sympathetic to the inertia argument when compared to the prospect of, say, ruinous HIPAA fines.
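An added example, not from the post or from any project it names: an Apache httpd configuration for the WebDAV-over-SSL file share described above, with the plaintext port doing nothing but redirecting to HTTPS so credentials and file contents never cross the network unencrypted. The hostname, directory paths, lock database and certificate file names are assumed placeholders.

```apache
# Added example: WebDAV over SSL with Apache httpd (mod_dav, mod_dav_fs,
# mod_ssl, mod_auth_basic). Hostname, paths and certificate names are
# placeholders, not values from the post.

# Plaintext listener: serve no content here, just send every client to TLS.
<VirtualHost *:80>
    ServerName files.example.com
    Redirect permanent / https://files.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName files.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/files.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/files.example.com.key

    # mod_dav_fs needs a lock database for PUT/LOCK semantics.
    DavLockDB /var/lib/apache2/dav/lockdb

    # Map the share URL onto a directory that only the web server writes to.
    Alias /share /srv/dav/share
    <Location /share>
        Dav On
        # Belt and braces: refuse this location if it is ever reached without TLS,
        # even if someone later adds another listener.
        SSLRequireSSL
        # Basic auth is acceptable only because the channel is already encrypted;
        # on port 80 it would be exactly the sniffable password the post warns about.
        AuthType Basic
        AuthName "File share"
        AuthUserFile /etc/apache2/dav.htpasswd
        Require valid-user
    </Location>
</VirtualHost>
```

Windows (Web Folders) and OS X (Finder "Connect to Server") clients can then mount https://files.example.com/share/ directly, which is the "no client-side software" property the post is after.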