Not surprised at all. Even if it did not start with this intention, one has to suspect that with enough time it will become compromised.
About the only way to even vaguely keep your email private is to use a self hosted server with GPG keys. And any lapse on security updates for that thing and you could be compromised almost immediately.
Beyond that I cannot think of anything more one could do.
I have always treated email as something to travels in the clear. My current provider (Fastmail) is compromised by authority. The Australian Privacy Act 1988 by being based in Australia and it gets caught up by PRISM as the servers are run out of New York.
About the only way to even vaguely keep your email private is to use a self hosted server with GPG keys. And any lapse on security updates for that thing and you could be compromised almost immediately.
Beyond that I cannot think of anything more one could do.
I have always treated email as something to travels in the clear. My current provider (Fastmail) is compromised by authority. The Australian Privacy Act 1988 by being based in Australia and it gets caught up by PRISM as the servers are run out of New York.