Are email services like GMail and Hotmail insecure when using SMTP and TLS?

2

I remember recalling that SMTP is insecure and is transferred in plaintext. But we use TLS on these servers and they don't support foreign relaying. Does this mean that messages are safe? Or do they travel to and through unsafe mail servers?

nc01

Posted 2012-03-14T07:39:56.563

Reputation: 123

Secure from whom? – Thorbjørn Ravn Andersen – 2012-03-14T09:10:35.753

Answers

6

SMTP isn't insecure; it perfectly provides the level of security it is designed to - which is none - so it cannot be considered insecure, as there is no security to subvert. A protocol can be considered insecure where it is designed to offer a level of security and fails to do so - WEP wireless security is an example of an insecure protocol.

Semantics aside, SMTP provides no security and so should not be used as a transport for sensitive data. It may be that you use TLS to provide a secure channel to the SMTP server, however only the communication between the client and server is encrypted. The email itself is usually stored in plain text on the server.

That server must then deliver the email to the recipient's server, and then the recipient's server must deliver the email to the recipient. There may be several hops that the email passes through on its way, and at no point is there any guarantee that the server-to-server hops and server-to-recipient hops are encrypted. In fact, it is usually the case that they are not.

If you want to use SMTP as a secure medium for transmitting data, then a good solution would be to use something like GPG/PGP, which will enable you to encrypt the email (automatically) during composition and have it decrypted only at the destination, and only by the recipient (provided the encryption key is not compromised, just as with any form of encryption). GPG/PGP is well supported in many email clients.

Paul

Posted 2012-03-14T07:39:56.563

Reputation: 52 173
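One practical way to see the hop-by-hop picture described in this answer is to read the `Received:` headers of a delivered message: each receiving server adds one, and most record whether that particular hop used TLS (Postfix writes `(using TLSv1.2 with cipher ...)`, Sendmail- and Gmail-style servers write `with ESMTPS`/`ESMTPSA` and often `version=TLS...`). The script below is an added example, not code from the original answers; the message it parses is a constructed sample with three hops, and the marker patterns are a heuristic covering the common header formats, not an exhaustive list.

```python
import email
import re

# Constructed sample message (not a real capture). Received headers are listed
# newest first, as a mail client would see them: the last hop and the first hop
# used TLS, the middle server-to-server hop did not.
SAMPLE_MESSAGE = b"""\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org with ESMTPS id abc123
\t(version=TLS1_2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256);
\tWed, 14 Mar 2012 07:39:56 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby mx.example.net with ESMTP id def456;
\tWed, 14 Mar 2012 07:39:50 +0000
Received: from [10.0.0.5] (client.example.com [203.0.113.22])
\tby relay.example.com (Postfix) with ESMTPSA id 789ghi
\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits));
\tWed, 14 Mar 2012 07:39:45 +0000
From: alice@example.com
To: bob@example.org
Subject: test

body
"""

# Heuristic markers that a receiving server commonly writes when the hop was
# protected by TLS (assumption: covers Postfix, Sendmail and Gmail-style formats).
TLS_MARKERS = re.compile(
    r"\bwith (?:E)?SMTPSA?\b|\(using TLS|version=TLS|\bTLSv1", re.I
)
# "from <sender> ... by <receiver>" as written in a Received header.
HOP = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)", re.I)


def audit_received_hops(raw):
    """Return one dict per hop, oldest hop first, with a tls flag per hop.

    The flag says only that the transport between the two named hosts was
    encrypted. Every server on the path still held and forwarded the message
    body in the clear, which is the point the answer above makes.
    """
    msg = email.message_from_bytes(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold the header onto one line
        m = HOP.search(flat)
        hops.append({
            "from": m.group(1) if m else "?",
            "by": m.group(2) if m else "?",
            "tls": bool(TLS_MARKERS.search(flat)),
        })
    hops.reverse()  # headers are newest first; report in delivery order
    return hops


def plaintext_hops(raw):
    """Names of the hops that carry no TLS marker at all."""
    return [
        f"{h['from']} -> {h['by']}" for h in audit_received_hops(raw) if not h["tls"]
    ]


if __name__ == "__main__":
    for hop in audit_received_hops(SAMPLE_MESSAGE):
        print(f"{hop['from']:<20} -> {hop['by']:<20} TLS={hop['tls']}")
    print("unencrypted hops:", plaintext_hops(SAMPLE_MESSAGE))
```

Two caveats when using this on real mail: `Received:` headers are written by each receiving server, so a server you do not control can omit or forge them, and only the headers added by servers you trust are reliable evidence; and a `tls=True` on every hop still says nothing about the message sitting in plaintext in each server's queue and the recipient's mailbox, which is why the answer points to GPG/PGP for the content itself.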

3

Basically SMTP just transfers flat files around. TLS encrypts the transfer tunnel between two SMTP-hosts, but does not encrypt the flat file as such.

If you want to be safe from others reading what you've written, you need to encrypt your mail yourself. S/MIME is a standard supported by many email clients, including Outlook and Thunderbird. You will need to get a certificate that you are you, as certified by those who made the certificate - this may cost you in either money or time.

Thorbjørn Ravn Andersen

Posted 2012-03-14T07:39:56.563

Reputation: 291