
If my connection to my SMTP server is encrypted and my receiver's POP connection is encrypted, is there really a need to encrypt the message itself?


In the scenario you describe above, the unencrypted contents of your email are now generally stored on at least 4 machines (maybe 3 depending on what the recipient's POP settings are), with only one most likely being under your control (the client you wrote the mail on).

The benefits of encrypting the message as well as the transport are mostly for dealing with that fact.


Yes. The adversary is assumed to be global here and so it can listen to the traffic at both ends. Also, both servers can make copies of the email.

PGP gives you end-to-end encryption, which starts from your computer and ends at the computer of the recipient.


If the SMTP server relays your message in plain text, isn't it vulnerable to snooping in transit?


Yep, and that's the weakest link -- and the one that the NSA is taking advantage of.

It will be a wonderful day when the RFCs are updated to require TLS for SMTP.


You generally only know about the crypto on the first SMTP hop. SMTP crypto is fail-open, unauthenticated and not end to end. It's transport only, decrypted on each SMTP hop.


Mail transfer agents are configured fail-open by default. There is nothing about SMTP that requires fail-open. You can configure Postfix to require TLS for all destinations or for specific domains if you want to:

http://www.postfix.org/TLS_README.html#client_tls_encrypt

Depending on your environment you could also do the same thing and require DANE:

http://www.postfix.org/TLS_README.html#client_tls_dane

I am sure Exim has an equivalent setting (maybe not for DANE).
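The Postfix settings the comment above links to, written out as an added example that is not part of the original thread: the opportunistic (fail-open) level next to the mandatory ones. The domains `example.com` and `partner.example` and the map path `/etc/postfix/tls_policy` are constructed placeholders.

```conf
# ---- /etc/postfix/main.cf (outbound SMTP client) ----

# Fail-open: STARTTLS is used when the remote server offers it,
# otherwise the message is delivered in plaintext.
smtp_tls_security_level = may

# Fail-closed for every destination instead (replace the line above):
# mail is deferred when TLS cannot be negotiated. The remote certificate
# is still not verified at this level.
#smtp_tls_security_level = encrypt

# Per-destination overrides of the global level.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# DANE needs DNSSEC-validated lookups (Postfix 2.11 or later).
smtp_dns_support_level = dnssec

# ---- /etc/postfix/tls_policy ----
# Run "postmap /etc/postfix/tls_policy" after editing, then "postfix reload".

# Require encryption for this domain and its subdomains.
example.com        encrypt
.example.com       encrypt

# Require DANE-authenticated TLS: delivery is deferred when no usable
# TLSA records are published, rather than falling back.
partner.example    dane-only
```

With `may` as the global level and the policy map in place, only the listed destinations are fail-closed; everything else remains opportunistic.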


What about your respective SMTP servers' disks?



