However, for those using exclusively the likes of Hotmail, Gmail, etc., encrypting in transit makes life that bit harder for spooks - they can't just dragnet them on the wire.
If the email was encrypted in the user's client, they still can't read it off the wire, so I'm not sure what your point is.
If they use a web-based client, their "client" is the web server servicing their requests, and all communication with that is SSL already (or should be). The "client" receives data over SSL, immediately encrypts it with the target user's public keys, and stores a version encrypted with the sender's public key (for sent mail).
Handling the decryption on the client side would require a piffly JS cryptography standard.
STARTTLS is popular with service providers because it gives point-to-point security whilst still allowing the service provider to do whatever they like with your cleartext - the poacher is telling the gamekeeper how to fix his fences.
We spend billions on making sure Joe Sixer can watch DRM'd HQ cat videos in his browser without the chance of Joe being so evil as recording it, but we can't spend 1% of that to properly fix email security...