These points were exactly what I was thinking as I reading the summary. I would mod you up if I had mod points.
Although as a partial counterpoint, if it is noticeably cheaper, it might indirectly allow the balance point between cost, speed, and yield of mass produced parts to be a bit faster...
In my case, $DAYJOB now uses gmail-hosted "G Suite" email, and has configured it to require either the web interface, or OAUTH2-based POP/IMAP/SMTP authentication. No app passwords or other options are available.
As mentioned by others, it generally seems really low security to trust your data to a server not directly under your control, regardless of whatever access controls it supposedly enforces.
It is debatable if all the extra hoops needed for OAUTH2 actually improve or degrade security, especially if you use a strong password (long randomly generated), protect it carefully (e.g. password manager), and also treat recovery questions the same way as the password (long randomly generated, stored securely).
To actually have usable, email, I wrote up some instructions, patches, and scripts to allow me to use any local email client while relaying through google with OAUTH2. In my case, I prefer mutt, but with this infrastructure, I could use any email client I wanted. Perhaps other people might find my instructions useful.
Why was his laptop not encrypted and if it was in what way did it prove to be insufficient? What is the best way to encrypt a laptop and keep it safe from prying eyes?
He did encrypt his laptop. The agents that arrested him watched him from a distance until he logged in. Then they moved in, making sure they didn't give him a chance to lock it.
The article's links seem to have better real experimental data backing them up, but I still think I prefer reading http://www.joelonsoftware.com/'s 15 year old article "Human Task Switches Considered Harmful". The second half of "Where do These People Get Their (Unoriginal) Ideas?" is also relevant.
In the last few years he has posted much less often, and when he posts, it is usually only announcing the latest product his company has made, but most of his older "reading list" articles (from the front page) are still excellent.
Properly implemented, SRP does not store the the secret on the server end. It only stores v=pow(g,x) mod N, where "x" is a secret needed on the client end (derived from the password), and can't be extracted from v without either using a brute-force algorithm (try all weak passwords), or solving the discrete logarithm problem. You may want to read https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol more carefully.
I hadn't looked at SCRAM before, but from at a quick glance it looks like the only thing preventing an attacker from brute forcing weak passwords from nothing but a passively captured login session is an expensive-to-compute hash function (PBKDF2). It isn't as bad if SCRAM is wrapped in an SSL/TLS session with associated certificate, but if you really trust nothing has MITMed (i.e. incorrectly trusted certificate) or otherwise broken TLS (from the perspective of the client authenticating the server), then why not just send the password directly through the tunnel (from client to server), and avoid extra complexity?
Note that capturing a login session is generally a much lower bar than obtaining the password database, and SRP does not allow brute forcing even trivially weak passwords from just a captured login exchange. (As long as there aren't any huge breakthroughs in quantum computing or other discrete logarithm algorithms.)
All that said, you are correct that SRP or other low level single-connection authentication mechanisms do nothing for the cross-party authentication issue discussed in the article.
But they most certainly are not selling a 4 year old computer.
They actually are. As of this writing, the non-retina Macbook Pro is still available for sale on Apple's site. Go to apple.com, click Mac -> Macbook Pro -> Buy and then scroll about halfway down the page. That model, which is being sold for $1099, hasn't been updated since June 2012, though it did have a $100 price cut in July 2014.
Waste not, get your budget cut next year.