Post
Topic
Board Bitcoin Discussion
Re: Im just been attacked and robbed on my MT Gox account
by phillipsjk on 10/08/2011, 07:48:51 UTC
The bottom line for me is:

Why are e-mails still not safer these days? Why does no one develop a secure e-mailing system without the need of being bound to a company offering keys or such? We are living in the 21st century, e-mail is too out-dated for being used that way any longer.

Nobody seems to implement the OpenPGP standard.

Of course, even if a signed e-mail is needed to reset a password, you still have the compromised computer problem. You can mitigate this by having your "very secure" key on one computer, then signing keys for your less secure computers stating you trust those computers almost as much as the secure one (you would do this for web-mail as well). Every time your keys expire, you have to use them to sign your new keys as well. Presumably, you have to hold onto your expired keys indefinitely so that you can read any encrypted e-mails at a later date.

I don't think computers will be mature until the mid 22nd century anyway.

Edit: The way to avoid being bound to a signing authority is to publish your own keys. Your recipients then have to know enough to confirm the public key fingerprint using out-of-band communication. I tried to do this for a local bank and was told that the actual server would be different in different regions of the country.
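The out-of-band fingerprint confirmation mentioned in the post above, as an added example that is not part of the original post: it computes the version 4 OpenPGP fingerprint (RFC 4880, section 12.2) from a received public-key packet and compares it with the value the key owner read out over another channel. The function names and the sample key material are constructed for illustration; the sample is not a real key.

```python
import hashlib

def public_key_body(packet: bytes) -> bytes:
    """Return the body of a leading version 4 Public-Key packet (tag 6)."""
    first = packet[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:  # new-format header: tag in the low 6 bits
        tag, o1 = first & 0x3F, packet[1]
        if o1 < 192:
            start, length = 2, o1
        elif o1 < 224:
            start, length = 3, ((o1 - 192) << 8) + packet[2] + 192
        elif o1 == 255:
            start, length = 6, int.from_bytes(packet[2:6], "big")
        else:
            raise ValueError("partial body length is not valid for a key packet")
    else:  # old-format header: tag in bits 5-2, length type in bits 1-0
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not supported")
        size = 1 << ltype  # 1, 2 or 4 length octets
        start, length = 1 + size, int.from_bytes(packet[1:1 + size], "big")
    body = packet[start:start + length]
    if tag != 6 or len(body) != length or body[:1] != b"\x04":
        raise ValueError("expected a complete version 4 Public-Key packet")
    return body

def v4_fingerprint(packet: bytes) -> str:
    """SHA-1 over 0x99, the two-octet body length, and the body (RFC 4880, 12.2)."""
    body = public_key_body(packet)
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def fingerprint_matches(packet: bytes, spoken: str) -> bool:
    """Compare all 40 hex digits; a short key ID is not a confirmation."""
    return "".join(spoken.split()).upper() == v4_fingerprint(packet)

def mpi(value: int) -> bytes:
    """Encode an OpenPGP multiprecision integer: bit count, then the bytes."""
    bits = value.bit_length()
    return bits.to_bytes(2, "big") + value.to_bytes((bits + 7) // 8, "big")

# Constructed sample, not a real key: v4, creation time, algorithm 1 (RSA), toy n and e.
SAMPLE_BODY = b"\x04" + (1312789731).to_bytes(4, "big") + b"\x01" + mpi(0xC0FFEE1234567891) + mpi(65537)
OLD_FORMAT = bytes([0x98, len(SAMPLE_BODY)]) + SAMPLE_BODY  # tag 6, one-octet length
NEW_FORMAT = bytes([0xC6, len(SAMPLE_BODY)]) + SAMPLE_BODY  # same key, new-format header

if __name__ == "__main__":
    print(v4_fingerprint(OLD_FORMAT) == v4_fingerprint(NEW_FORMAT))
```

The fingerprint depends only on the packet body, so the same key gives the same value whichever header format the sender's software emitted.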