Exactly. And that applies to any company not just "evil" ones. It is a bit naive to trust something as abstract as an organization. Trust applies to individual people, and a company is bound to be a very diverse group of people with different agendas.
If you want your mail to be reasonably safe from third-party reading, the only solution is to encrypt it before sending, and ask people that mail you to do the same. Anything that relies on trust is a half-assed solution.
In theory, yes of course, you can encrypt your communications personally and "figure out" on a case by case basis how to do key exchange with the end-party. But that is a MAJOR OBSTACLE for all but the most patient and tech-savvy people and totally overkill for all but the most critical life-or-death information exchanges.
In practice, unless both you and your recipient are operating your own email servers and key-exchange/encryption services, you HAVE TO "trust" a third party with your private information.
The point is that if people send their mail encrypted it is encrypted both in transit and when it is stored on the mail server. So the third party can be anyone, and you don't need to specifically trust them.
Also this isn't that big of an obstacle you make it to be. We're not living in 1995 anymore. A lot of mail clients have plugins or even have built-in support for encryption.
If you want your mail to be reasonably safe from third-party reading, the only solution is to encrypt it before sending, and ask people that mail you to do the same. Anything that relies on trust is a half-assed solution.