I do not trust Firefox to keep my sensitive information secure, so I told it to never store passwords or even form data. (I also disabled history for the address bar.)
Instead I use a command line tool that can put username and password into my clipboard. So I go to a website where I have to log in; if I don't know the password I turn to my password safe and have it put the pass into the clipboard. It watches the clipboard as well, so as soon as I have pasted the password into the form (or somewhere else) it erases the memory.
This is a complicated process, but it is the only one whose security I find acceptable. The password safe itself is strongly encrypted, even when it is loaded into memory. Only for a short time is the password in cleartext, and there is no way to avoid that.
When I am certain that no one else can use a program I also let the program store credentials, but only if I am certain it uses good encryption for this data.
Security is a process, so at any given time I might find it necessary to use a different password safe or never have any program store credentials. Security is also a lot about the user's mindset: you should be careful and aware, but never paranoid.
There is no 100% security; there is only the amount of time, effort, and money it takes to get to your data. Hence you cannot buy "Security" like a remedy for headaches. Personally I believe just by being more aware you can greatly decrease the risk of losing control over your data.
Oh yeah, like it was mentioned in the OP, I never never never use the same password twice. Not even for the smallest, most unimportant throw-away account. There might be good reasons to reuse passwords, but they are most likely bad reasons. And doing something (or not doing something) for a bad reason is not being careful.
OK, back to topic: If an email service does not provide TLS I do not use it.