Re: Colour me surprised ....
"First rule of secure communications, is to assume that your communications aren't secure."
It sounds nice, but if you take the position that your communications *are not* secure then logically there is no point in taking any steps to secure them.
What you actually have to do is assume that they *might not be* secure in ways that you don't yet know and you should attempt to mitigate against those by layering security elsewhere and (if you have the resources) supporting attempts (by yourself or others) to learn more about the things you don't yet know. This philosophy is much less memorable, but leads to concrete suggestions for action on your part, so it is more useful.