How rare is that? Basically everyone has a phone today with an email client.
You shouldn't do that anyway because you're giving your password (and your keys if you encrypt!) away with that.
The problems are that some people hate the certification scheme of S/MIME and use GPG which isn't better at all. Then it's user unfriendly to generate the certificates (if you want to be a good email provider, do the job to provide your users with signing of certs) cert and to get them onto all of your devices (I'm looking at you Apple!).
Not terribly rare for me - I probably do it about once a week.
Currently my threat-and-countermeasure model doesn't include obfuscation from the eyes of state actors. I do want to change that, though, so I'll have to break this habit.
