You gloss over the key management, but it is the primary failing of PGP (and GPG). The lack of built-in key management means it is only half of the solution, and the community has never managed to coalesce around a single sane solution. Instead we have people trading paper notes or using grotty services with custom protocols and if you just want to send an encrypted email to somebody there's no standard way to look up their key.

I have yet to find an email client that will even do the simple search of the keystores for you. It's maddening.