All valid & useful points. An online (free) server that has NO part in the encrypting or entering a PW on their site, to use to generate the encryption, etc. As (one example) on Lavabit (or similar) handed over encrypted email & the "means" for LEAs to decrypt the mail (I forgot the exact details).
Yes, we're trading international top classified secrets - over Gmail, etc.
No BudMan, we don't need 256 bit encryption. At least not w/ current technology levels. But, many encryption prgms offer either very weak or very strong encryption. So, it's take what you can get (for free, or small donation).
But I DO use strong encryption (& strong PW / keys) for my financial acct #s, bank login info, etc.
Though some might, I never intended to encrypt email about the weather. Things encryption may be useful for, for individuals: legal / medical correspondence; sending info about such things to family members; discussing things that are, or are mistakenly interpreted as being, of interest to HLS / NSA. Many don't want HLS scanning their email & kicking them out into an "inspect closer" pile, because it happens to have a few political / gov't security buzz words in it, any more than they want anyone w/ a "big ear" long range microphone, sitting outside their house, listening to private conversations. That would be an invasion of privacy & is creepy.
No, don't NEED 256 bit encryption unless trying to protect something really important. If I'm going to encrypt either email or files on my PC, may as well use something strong, if it takes no more time to do it.
I guess w/ PGP, you select the strength of the keys. But w/ much stand-alone software, you have one encryption bit strength choice, then of course the chosen strength of PW / Phrase (or in some, Keys).