Chrome sync (including passwords) can all be encrypted on the client. Just go to settings -> Advanced sync settings -> "Encrypt all synced data with your own sync passphrase".
Also, if you're this worried, you really owe it to yourself to put in a little effort on your email. Email is often not transmitted in the clear, especially if you're using gmail already, and if you would just switch to a desktop client and IMAP or POP3 access, you can PGP to your heart's content.
I'm aware of the Chrome sync passphrase. If I used Chrome on Android (I don't—I use Firefox), would Chrome back my passphrase up to Google's systems? I dunno.
Is the crypto behind Chrome's sync anywhere near as good as that behind Firefox's? Not last time I looked.
I'm also aware that email often travels via SSL—but it's always cleartext to the sending and receiving hosts. I don't see that I'm suffering an especial risk with Gmail, since someone will always have plaintext versions of all mail I receive; I would be were I backing up data to them which I would never back up to anyone.
> I'm aware of the Chrome sync passphrase. If I used Chrome on Android (I don't—I use Firefox), would Chrome back my passphrase up to Google's systems? I dunno.
At least the docs claim that it's only saved on your device. You can believe it or not. There may be a way to verify that it's not being backed up with your normal Android data, but I'm not sure.
> Is the crypto behind Chrome's sync anywhere near as good as that behind Firefox's? Not last time I looked.
It's never been not good. Maybe you're thinking of back when they didn't have the option to encrypt all your sync data locally, just your passwords? It uses Nigori[1] and the source is all available[2].
Also, if you're this worried, you really owe it to yourself to put in a little effort on your email. Email is often not transmitted in the clear, especially if you're using gmail already, and if you would just switch to a desktop client and IMAP or POP3 access, you can PGP to your heart's content.