akerl_ 3 days ago

A protocol that doesn’t enforce security and relies on clients to choose to implement it is a broken protocol, from a security standpoint.

Even if secure email clients exist that always make right choices, because you can’t know what client all your recipients are using, all it takes is one person with a “bad” client (which, keep in mind, is a client that accurately implements the protocol but doesn’t enforce additional security rules on top) to ruin things.