Well, then you develop separate tools for separate threat models. Covering all possible threat models is impossible and supporting many of them is a heavy maintenance burden that can easily lead to the standard user having their threat model compromised due to the added complexity.
Fair point. You could have "locked down" tools for standard users and "I can install my PGP smartcard extension" tools for power users. I guess in this case it was unfortunate that Thunderbird happened to be used by both the standard and the power users.
Catering to power users isn't usually good for market share because it means you limit your market share to a small subset of the market. Making Thunderbird more accessible and making GPG more accessible, even if that means you can't support some niche use cases, is usually the better choice.
For a mass-market client, yes. But in an ideal world there would be alternatives that don't aim for market domination catered to a more advanced user base. Those could include functionality that would be unsafe for users who don't know exactly how it works.