Sounds about right.
That’s indeed the tricky thing about email. You can connect to the outgoing mailserver using TLS (more or less equivalent to SSL, TLS is newer), but I don’t think it’s possible to ensure every hop along the way also uses TLS. Plus every server in the middle can access all metadata and contents of whatever you’re sending.
Maybe, if you send emails from MODX by connecting directly to the the recipient mailserver with SMTP (rather than, say, an email service or sending local email from the webserver), you might not have any hops in the middle, but I’m not 100% sure if that works.
To encrypt the content so that mailservers in the middle can’t read the content (they’d still have access to the metadata), you need something like PGP… which is not necessarily the most non-tech user friendly thing. And not supported in MODX as far as I’m aware (though would be very happy to be proven wrong).
What is considered “secure enough” depends on what you’re expecting to send. A health care operator that sends email containing privileged patient information would require more precautions than a business only taking in contact requests, for example.