It was historically true that anyone who could insert equipment at any of the connections between you and your mail provider or between your mail provider and where they were sending email to, could read everything you wrote.

These days we use encryption at every layer by default, and it's very rare to transmit email without it.

I can go on about this at length, but it's very boring.

One thing that is extremely easy to do and remains easy to do is fake where an email is from. Anyone can pretend to send an email from me, and so it's very important to verify my identity every time before doing what I ask.