I've recently starting a migration over to gmail. I've played around with it on and off for a while but didn't make a move for two main reasons. 1) I'm a bit paranoid my email being used to send ads to me and 2) I didn't like the idea of using an unencrypted web page (once again because of my healthy paranoia). The ad thing is just on principal and is actually fairly easy to overcome with some hacks out there. The main thing was sending everything over the clear on whatever connection I happend to be on. If I only sent emails from home this wouldn't be a big deal, but I'm often on open wifi and various corporate networks. The good news is that it's easy to secure all your gmail traffic. Instead of using "http://mail.google.com/" you can simply use "https:mail.google.com/". As near as I can tell, your login is always sent secure, but if you start with the "http**s**" all your correspondence is encrypted up to the google servers.