Quite true. It would appear that one of the biggest problems with publicly available crypto is the key generation phase. Serious bugs have been found in key and entropy generation routines over the years. It's apparently something that is fairly easy to get majorly wrong, and it's not obvious unless you are specifically looking for it. It's actually fairly difficult for computers to generate truly random numbers, absent a physical source of true randomness.
With the processing power we have available today, there is no reason not to use anything less than 256-bit (or equivalent) keys or more unless you are doing real-time encryption of phone calls or something.
The hardest thing about encryption is simply protecting your private keys. Given how hard the NSA and the rest of FedGov work to hack random people's computers just because they can, it's tough to do without using an external token that can be disconnected the 99% of the time you're not encrypting your email.
Then, the other side of it is that you need to get your recipients to understand that encryption isn't just something used by terrorists. The police state has done a really good job of making it harder to use than it should be. Hell, I was using PGP back when it was a command line DOS program. Given the rise of the internet, and general connectedness, you should be using clear text for a small minority of your communications by now.
Sadly, people just don't understand or value their privacy enough to take that step.
Even then, your lesser-strength one-time key should be encrypted and sent to the other party using the higher encryption setting.