it's an old protocol that was created for a mostly closed system so security wasn't a thing that the designer(s) implemented.

it has been difficult to get people to encrypt email (historically) because it has not been easy.

I think it would work better if email was encrypted automatically by the sender client like an envelope and easily opened securely by the receiver but it hasn't been fine in a way that mainstream people will understand it use (pgp and all that stuff).

encrypted SMTP would be better too.

I'm sure Governments love how insecure it is.

There are also other issues but they are human issues, such as overuse of CC without even understanding when to use it, lack of training, yadda yadda.

(email servers were mostly what I worked on when I was working so I can wax poetic about it all day)