In theory that makes sense, one thing I specifically omit as to why I stopped running my own service is in the past in a bout of paranoia due to the onset of a mental condition, I literally rm -rf'd my laptop, including a lot of files that were unrecoverable. Thankfully I didn't do this to my server at the time. Even though I've been stable for a long time, all it takes is a relapse (or even just a lapse of judgement) and boom your servers (and backups) become vulnerable.

I also don't trust that I can secure my systems and backups better than a company that dedicates itself to running a service for multiple users and have dedicated security/infrastructure teams. Sure I've never actually had an issue, but as with the anecdote of my friend, it just takes one failure. Also economies of scale helps with security; it is easy for an attacker to exfil or do damage to a smaller corpus of data (few to no customers [users]), than a large corpus of data across 1000s of customers.

I wouldn't trust a free service or a service that doesn't provide adequate support such as Microsoft or Google, but there's obviously a good selection of email providers out there that do an excellent job, much better than those self-hosting because they work with economies of scale.