Email is very private, however, it is possible that a system administrator at the company hosting your email could potentially read your mail. In addition, email moves through the Internet on servers controlled by thousands of government, education and private sector organizations. It is possible, though unlikely, that a system administrator somewhere in that path could capture and read email. It would be difficult and random, as individual emails move across the Internet in different paths. These servers are secure and maintained by IT professionals, so it would be highly unusual for an individual email to be read. Nonetheless, abuses have been known to happen.
If you want to be very careful, you should encrypt your email, especially if the content is highly confidential (this is particularly true in a corporate environment for sensitive subjects like earnings forecasts, layoffs and raises). Encryption is a way to scramble the data with a mathematical process, called an algorithm, and a digital key that you control. Only people that have your key can read your encrypted email.
If you are sending highly confidential email to someone like your bank, a credit card company or the IRS for example, a very safe practice is to use their online email form rather than your normal email account. This is far more secure than using regular email, because your message is encrypted between your PC and their server as it travels through the Internet. Be sure to look for https:// in the browser address bar. The S is for secure.
For more information see: How does Internet security work?