In iOS 7, iOS 7.0.4, iOS 7.1, and iOS 7.1.1, Kurtz found that email attachments are not encrypted. He also found that the protected data feature in iOS 7 doesn’t work with those same attachments, although it does with other functions.
I verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account1, which provided me with some test emails and attachments. Afterwards, I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction:
Kurtz says that Apple is aware of these issues and has promised a fix.
I have no doubt Apple will fix this issue promptly. Still, shouldn’t this type of issue have been resolved many years ago?