If you get physical access you can also read all the mails in Apple's Mail.app, or any other app on the device. Maybe not using a tool, but you can easily read them in the app, forward them, and send fake e-mails using the account of the user.
Not if the device is locked. The author talks about this in the post - a properly secured file is only decrypted when the device is unlocked (in which case the mail is readable by anyone with fingers, no need for fancy USB cables).
When the device is locked the file is encrypted and cannot be easily retrieved with a USB cable and a file explorer. An app that does not properly secure its files is readable even when the device is locked.
That's not entirely correct. If the app uses the correct APIs to inform the system that particular files need more protection, then those files receive more protection. The details are available to a free dev account on Apple's developer site. As long as the device remains locked, such files remain encrypted.
Whether users pick appropriate passwords is another matter entirely.
Are you sure about that? I would think that Mail.app used apprioriate file protection settings, in which case the file contents is encrypted with a key derived from the user's PIN/passcode
(edited to make my point more clear :)