Browsers cannot be secure...
...since the encrypted channel there is based on public certificates. Although you can get something similar to certificate pinning with self-signed certificates, this can easily be subverted by using normal certificates.
What we finally need to do is to get GPG to be more usable and shipped by default with e-mail software.