I'm thinking about the implications of the Lavabit shutdown a bit.
One funny thing about SSL and TLS, as regards mail delivery, is that in general mail servers don't talk to each other encrypted. Using SSL/TLS from your mail client (or web browser, and from web server to mail server) to the mail server protects your password, but when mail is relayed from that server to the destination server[1], it's done in the clear - the whole email gets passed over the Internet completely readable.
Hell, your web browser connection to Facebook or G+ may be secure, but those notification emails about everything going on? Yeah, that is all sent over the Internet in plaintext. Constantly.
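You can check this on mail you have received: each server that accepts a message records the protocol it used in a Received header, and keywords such as ESMTPS or ESMTPSA (RFC 3848) mean that hop ran over TLS. The Python sketch below is an added example, not part of the original post; the sample message and its hostnames are constructed, and headers written by servers you don't control can be forged, so only the hops recorded by your own provider are trustworthy.

```python
import re
from email import message_from_string

# "with" keywords that mean the hop used TLS (RFC 3848, plus RFC 6531 variants).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

# Constructed sample message; all hostnames and ids are placeholders.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby store.recipient.example with LMTP id abc123; Thu, 8 Aug 2013 20:01:03 +0000
Received: from out.sender.example (out.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id def456; Thu, 8 Aug 2013 20:01:02 +0000
Received: from laptop.local (client.sender.example [203.0.113.5])
\tby out.sender.example with ESMTPSA id ghi789; Thu, 8 Aug 2013 20:01:00 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: hello

body
"""

def strip_comments(value):
    """Drop parenthesised comments (nested too) so their words are not parsed."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def clause(name, text):
    """Return the token following a Received clause keyword, or None."""
    m = re.search(r"\b%s\s+(\S+)" % name, text, re.IGNORECASE)
    return m.group(1) if m else None

def hops(raw_message):
    """Return (from_host, by_host, protocol, tls) per hop, oldest hop first."""
    msg = message_from_string(raw_message)
    result = []
    for header in reversed(msg.get_all("Received", [])):
        text = strip_comments(header).rsplit(";", 1)[0]  # cut the timestamp
        proto = (clause("with", text) or "").upper()
        # A missing or unknown keyword is treated as "not shown to be encrypted".
        result.append((clause("from", text), clause("by", text), proto,
                       proto in TLS_PROTOCOLS))
    return result

def cleartext_hops(raw_message):
    """Hops whose Received header does not record TLS."""
    return [h for h in hops(raw_message) if not h[3]]

if __name__ == "__main__":
    for src, dst, proto, tls in hops(SAMPLE):
        print(f"{src} -> {dst}: {proto or '?'} ({'TLS' if tls else 'no TLS recorded'})")
```

In the constructed sample, only the client's submission to its own server records TLS; the server-to-server relay and the final local delivery do not.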
Unfortunately, the fix for this is about as popular as OpenPGP. One part is to encrypt all the traffic, but of course the only way to do that properly is to know the public key on the other end, and trust it. That's where public key infrastructure comes into play, and certificate authorities that establish a chain of trust that leads your software to say "ok, that public key really is for www.google.com." That public key infrastructure has been subverted before, and it could definitely be subverted again (whether by hackers or by government agents with court-issued secret letters).
If you pretend for a minute that SMTP isn't a problem (after all, if it were being constantly monitored, why would anyone go talk to Lavabit about getting messages off of their servers?), you could probably do something better with mail storage, where the server knows a public key for each local recipient and encrypts plaintext messages in a standard way (OpenPGP, S/MIME) so that any reasonably smart mail client that has the private key can decrypt it. The server could even sign the message, and then the user could get some feedback about whether the message was really secure (signed by the sender) or simply stored in a secure way (signed by the server).
Then you get to webmail. Where does the private key get stored for webmail, a terrible thing to which many people have nonetheless become addicted? Well, if you go down the same road as Lavabit, you encrypt that private key with the user's password, and decrypt things on the user's behalf on your server, presenting the user with a normal (unencrypted) view of their mail. There are two big problems with that approach. One is that, obviously, Lavabit shut down because that kind of security still leaves everything sitting on the server.
The other is pretty closely related: Lavabit didn't have to shut down. They could have modified their server to not encrypt a given user's messages, and decrypted that user's messages the next time they logged in. The user would never see a change in behavior, no indication that things had stopped being secure. With the approach above, requiring the user to run software to decrypt the messages themselves, there's never going to be any doubt.
All of that still ignores SMTP, though. If people - real numbers of people, or at least real numbers of the people being targeted - start finding ways to keep their mail storage secure, the next obvious step is to subvert the delivery. And there, the only real secure way to send a message is for the sender to encrypt and sign it, and let the recipient (and only the recipient) decrypt and verify the signature. Nothing else gives the relevant users the proper feedback on what's going on.
1. I'm oversimplifying a lot here, pretending that one piece of software comprises a "mail server," ignoring relays, and so on.