I use pgp daily with my email. I value it. It's good software.
But let's be honest, SSL and pgp are the best we can do to secure comms from http to smtp today?
Key/cert management is an epic fail from a usability pov. Is it done? Yes, because there is NO other choice. But pgp will never ever be anything but a niche application for the paranoid.
SSL? I don't think anyone is going to argue it doesn't need to be scrapped and rewritten from scratch or replaced entirely.
Encryption must be transparent for it to be ubiquitous. We're not there yet. I know this is a hard problem to solve but someone eventually will.
GPG - without trying to devalue the good work put into it - is also one of the tools with one of the worst command line interfaces I know; by default it prints a confusing amount of wholly irrelevant, debug level information, to the point where it's hard to see where the actual output is (e.g. --verify success). A slew of different key identifiers (short ID, long ID, fpr, name, email, ...) that are all mixed in a bunch of places and only sometimes interchangeable etc. etc.
The UX is just horrendous, and none of the GUI tools improve on that.
PGP-People often talk about a "web of trust". Sometimes I wonder if any of them ever saw a web (like a spider web)? From the UX of popular PGP tools I can only assume no one did, because none of them can answer basic questions (and indeed, the data model doesn't support it, either), like "What's the relation of key XYZ [from an untrusted source, say keyserver] to my key?"
To get the expected result, the user would have to use either
$ gpg --clearsign
(makes it obvious that the message is part of the resulting message.txt.asc file) or
$ gpg --detach-sign
(which creates a .txt.sig file) or
$ gpg -a --detach-sign
(which creates a .txt.asc file).
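The three signing modes listed above, run against a throwaway keyring and checked through gpg's machine-readable status lines rather than its human-oriented output. This is an added example, not part of any comment in the thread. It assumes GnuPG 2.1 or later is installed; the key name, the sample message and the `message.txt.detached.asc` file name are constructed for illustration.

```shell
#!/bin/sh
# Added example: throwaway keyring, constructed key and constructed message.
set -eu

# Isolated GNUPGHOME so the user's real keyring is never touched.
setup_keyring() {
  workdir=$(mktemp -d)
  GNUPGHOME="$workdir/gnupghome"
  export GNUPGHOME
  mkdir -m 700 "$GNUPGHOME"
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key 'Demo Signer <demo@example.invalid>' \
      default default never 2>/dev/null
  printf 'constructed sample message\n' > "$workdir/message.txt"
}

# Produce all three signature forms. Clearsign and armored detached both
# default to message.txt.asc, so the armored detached one gets --output.
sign_three_ways() {
  ( cd "$workdir"
    gpg --batch --yes --quiet --clearsign message.txt       # message.txt.asc
    gpg --batch --yes --quiet --detach-sign message.txt     # message.txt.sig
    gpg --batch --yes --quiet -a --output message.txt.detached.asc \
        --detach-sign message.txt )
}

# Decide validity from the status lines, not from the human-readable text:
# succeed only if gpg exits 0 and reports VALIDSIG.
is_valid() {
  status=$(gpg --batch --status-fd 1 --verify "$@" 2>/dev/null) || return 1
  case "$status" in
    *'[GNUPG:] VALIDSIG '*) return 0 ;;
    *) return 1 ;;
  esac
}

setup_keyring
sign_three_ways
ls "$workdir"
is_valid "$workdir/message.txt.asc" && echo "clearsigned: valid"
is_valid "$workdir/message.txt.sig" "$workdir/message.txt" && echo "detached: valid"

# Changing the file afterwards must invalidate the detached signature.
echo 'tampered' >> "$workdir/message.txt"
is_valid "$workdir/message.txt.sig" "$workdir/message.txt" \
  || echo "detached after edit: INVALID"
gpgconf --kill gpg-agent
```

The clearsigned file still verifies after the edit because it carries its own copy of the message; only the detached signatures depend on `message.txt` staying unchanged.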