Nobody who cares about security would willingly use webmail.
Web browsers are the biggest network security hole on anyone's system. The most responsible way of accessing e-mail is to use a standalone mail client, one where the mail account credentials aren't stored on a third-party server.
GMX (and the plethora of domains they own) is a passable free webmail provider and is acceptable if you only access it via a standalone mail client.
This is pretty much the same with any free e-mail service including Gmail, Yahoo, AOL, Hotmail/Live/Outlook/[whatever Microsoft calls it next]. People who don't care about security view their mail messages in a web browser.
If you must view webmail (to configure settings, set up filters, etc.), use a content blocker: not for ad blocking but specifically for security reasons. The latter stance is unassailable. Then log out and blow away your browser's entire history (cookies, etc.).