The point is to encrypt messages so if the sender and receiver wish for their communications to remain private, a third party can’t snoop on them by reading their email while it’s in transit.
That’s not something the NSA needs to break. See #3
There are other anti-spam methods, including Bayesian filtering, blocklists (Spamhaus), and more. Some of these methods work at the server level, making it irrelevant what email client you use.
And as I pointed out, none of those work as well as gmail’s which is the point. Bayesian failed long ago. spamhaus doesn’t help with new sites which the spammers create on the fly.
Browsers can filter out Javascript. Most email-based browsers are smart enough to do this, and more, e.g. purposely fail to display images which may contain tracking beacons.
You’re missing the point. It’s not JavaScript in emails that’s the problem. It’s the JavaScript running the email app. All the NSA needs to do is convince comcast to supply the NSA’s JavaScript when your browser requests https://mysecureemailserver/emailprogram.js. See http://www.matasano.com/articles/javascript-cryptography/ for reference.
