You simply can't have people not do "anything extra" while also being resistant to MitM. Part of HTTPS' success story is that it's easy enough to set up, but at the cost of being extremely vulnerable (by PGP standards) to MitM. So to anyone who knows how it works, it's "insecure", but people actually bother to use it, so it's about a trillion times more secure against totally passive attacks than plaintext is. Thus, on average for all persons, the web is more secure than email.
PGP email needs some kind of "lame" mode (where people have keys but they're not carefully certified, maybe just signed by a robot CA), but easy enough that passive attacks are defeated. And it needs to be compatible with doing things right, so that people-who-care and people-who-don't-care get combined into the same network-effect.