In today's world revealed by Edward Snowden and what happened to Lavabit, there is no assurance that what you do is secure.
All secure email sites have been attacked like Lavabit by our governments. Here's one article on the subject. https://en.wikipedia.org/wiki/Lavabit
-> OK but what about that site hijack? My bet is the site is not well crafted and their advertising was done incorrectly and wasn't made to be easily dismissed. It's not a sign of infection from what you wrote.
Then this: https://threatpost.com/researchers-find-85-percent-of-android-devices-insecure/115030/
For me this means I can't use my phone for anything that involves money, etc.
I understand if I connect to public wifi and log in to accounts that can be intercepted. But what if I am in public, do not connect to any network and check my email. I created an email account when I first got my phone with a password. The phone has never required a password since so I assume it is stored somewhere on the phone and resent any time I start up the phone. When I read email on my smart phone in public is it broadcasting my password? Can it only be intercepted if I connect to a public wifi source? Can it be intercepted if I am using my 4G data plan data?
If I surf the internet via using my data plan can that be easily hijacked? For example recently I was checking scores on m.mlb.com when some ad site seemed to take over the phone. I turned it off and scanned it when I got home but had to clear cache and data in addition to clearing history to keep it from starting back up on the ad site.
So if I am using just my 4G data plan how careful/paranoid do I have to be?

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic