Doesn't it makes it just as insecure, if you are sending a message to someone who has a standard email address (I.e. gmail, yahoo, hotmail, etc). Or do both users need to be using bitmessage to send encrypted message back and forth?
ya both users have to be using bitmessage.
good on your for recognizing that though. a lot of e-mail hosts advertize as being secure, but they fundamentally cannot be. if mail comes in unencrypted, then by definition they have to see it at some point. if you send unencrypted mail to another server, then it has to leave their server unencrypted, which means they can see it at some point. by definition. that's how SMTP works.
systems like bitmessage and I2P-bote work because you can only send mail to other users of that same system, and it's encrypted end-to-end within that system.