Active MITM attacks are not easy by any stretch, certainly not against email. On top of that, if you do not begin the attack before the first messages are sent, you will not get another chance, at least not easily. It would also not be enough to control just the mail server; you need to control every communications channel available to the target, which is a substantial effort and far beyond the scope of what we are trying to achieve with email privacy. Frankly, anyone who can pull that off could more easily break into your home and install a keystroke logger somewhere.
PGP's model works pretty well. You get the key from a key server, you communicate through a (presumably different) mail server, and if you need more protection you use the web of trust. Imperfect, sure, but no security system is perfect, and at least with this the barrier to spying is high enough to stop mass surveillance (not true of Lavabit, whose users just have to be thankful that the service was shut down over such a request).
PGP's model works pretty well. You get the key from a key server, you communicate through a (presumably different) mail server, and if you need more protection you use the web of trust. Imperfect, sure, but no security system is perfect, and at least with this the barrier to spying is high enough to stop mass surveillance (not true of Lavabit, whose users just have to be thankful that the service was shut down over such a request).