As Mike Waltz had found out. And Snowden used gpg and I haven't heard of a single message of his having been decrypted.

I say this as someone who uses both.

* PGP doesn't encrypt email metadata, so the attacker gets a record of every senders, receiver, time, date, and subject line, for free, with PGP actually working at its best.

* Email usually isn't usable without storing it server-side (for multi-client access), and without being able to search it. That requires your email to be in clear text on the server. That's solved with an on-prem mail server, but not many people have that - very few end users can operate one.

* Email endpoints generally aren't secure, so even if you somehow secure your personal mail store, possibly nothing is secure except your draft messages. Every email is sent to or received from other people, so your messages are subject to their security practices.

What he does or does not endorse means nothing.