Dan Hadaway, with Infotex, goes into great detail on the risks associated with misconfiguration of "secure" email in one of his recent blog posts. He even titled the article "Alarming Recurring Finding", a reference to the number of banks he has audited where this has been an issue.
The risk Dan describes arises when a bank, or anyone for that matter, purchases a secure messaging service, keeps the default settings, establishes new accounts for its users, and starts sending files.
The problem arises when a secure email provider does not, by default, require the recipient to authenticate (enter a username and password) to see the message or file. The bank is responsible for ensuring this setting is in place, and many are failing to do so (I've seen this with my own eyes as well).
So here's the litmus test: if your recipient does not have to log in to receive the secure email/files that you send, then it's not secure, and you need to take action to enable that requirement.
Read the full article on Dan's website...