That’s fair, and that is how I was thinking about this before Camp. Me from two weeks ago would have agreed… but today I feel differently.
The key insight at camp, was that although PGP/MIME allows for a lot of complexity, and supporting inline PGP potentially adds even more, the diversity of “legitimate” message structures seen in the wild is actually very limited; unusual structures are extremely rare, which means we can be quite conservative (and thus safe) about what we decrypt, while still maintaining broad compatibility with existing OpenPGP encrypted mail.
Changing the UI as you describe is much, much more work and is also dumping a bunch of work on the user for every single mail they compose (reviewing and considering what gets quoted). Which is why I hadn’t implemented it ages ago, in spite of mulling this problem over for quite some time.
Thanks for sharing your thoughts!