I've spent the last two years building a new email client

[crystaln]

Nothing will. The vulnerability of what happens to your data after it is sent to a third party is the same for any app, web or native.

The biggest difference is that it's way easier to see where you're data is being sent in a browser, since it has built in tools. It's very hard to monitor native app traffic that is sent over SSL.

[stephenr]

When the app is native there no requirement for a third party server.

You, Your mail (provider) server.

Vs

You, the server hosting the web app, your mail (provider) server.