I tunnel all my POP connections through SSH all the time, small transfers have little overhead and messages with big attachments actually go faster due to the -C option.

For web browsing I use a local instance of Squid. If I was feeling paranoid about my web access I could reconfigure Squid to tunnel it easily and have all my HTTP client programs immediately be less vulnerable.