It means that the end user is responsible for ensuring all data is encrypted, where it's easy to make a mistake and accidentally let something through unencrypted. Combined with this other bullet point:
> An unencrypted installed base that ensures encryption will be opt-in for the foreseeable future, meaning that users will routinely reveal plaintext accidentally by, for instance, quoting messages and forgetting to encrypt.
That spells disaster. This is in contrast to something like TLS, where a user with absolutely no technical understanding can visit a website with HTTPS without having to think about it at all (mixed content aside).
Can you elaborate on what you mean by this? If the message is encrypted (for example: PGP/GPG) why do I care whether the transport is secure or not?