"fewer potential exploit avenues"
Just a few big exploit avenues: Google, Microsoft, Yahoo, your ISP etc.
"and/or points of failure."
The same.
One point about ISP-hosted email: people just assume it's there and always will be. I read of one person who changed ISP and then discovered, too late, that his emails were on someone else's computer because he hadn't downloaded them and because he wasn't a customer his email account was closed so all his old emails were lost.