Yes. It’s terrible despite what some providers try and tell you. They talk about using TLS, and other "transport level encryption," but its use is sporadic and the email still sits completely unencrypted on their servers. You need true end-to-end encryption that you control to be truly protected.
Why? Because, beyond the fact that major email providers scan and read your email to build profiles on you... identity thieves, snoopy governments, really any “ bad guy” with the skills, can have a field day with email’s unintended “openness.”