Exactly my thoughts. Also, many people have given up signing emails with pgp as most recipients use cloud based service like Gmail making it almost useless. This leaves a small niche community where both ends are outside the cloud based email network like journalist usecase maybe.
signing emails is by far not the only use-case for gpg. The entire package signing infrastructure of all linux distributions is underpinned by gpg. Even if they spend all of the 15K each month on having a single developer audit and improve the code-base, I'd be fine with that.
