It isn't such a small score in absolute terms. ECDH is the clear winner versus RSA, and forward secrecy with ECDH is clearly superior to not having it. You get keys and ciphertexts that are *much* stronger than equivalent-length RSA keys, and with forward secrecy you prevent previous messages from being decrypted if a private key / vendor is compromised. However, in a more practical sense, PGP is good enough at key sizes higher than 1,024, and forward secrecy still doesn't protect you if the person you communicate with is compromised or malicious *prior* to you sending them communications (although it does if they are compromised or turn malicious AFTER you have sent them communications).
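The contrast drawn above (a key derived from long-term keys alone, versus one derived from per-session ephemeral ECDH) as an added Go example that is not part of the comment. It assumes X25519 from the standard `crypto/ecdh` package, SHA-256 standing in for a proper KDF, and omits the signing of ephemeral keys that real protocols add for authentication; the function names are hypothetical.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
)

func newKey() *ecdh.PrivateKey {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // random-source failure is fatal in this demo
	}
	return k
}

// deriveKey runs ECDH and binds the raw shared secret to the two public keys
// that produced it. SHA-256 stands in for a real KDF such as HKDF (assumption).
func deriveKey(priv *ecdh.PrivateKey, peer, first, second *ecdh.PublicKey) []byte {
	shared, err := priv.ECDH(peer)
	if err != nil {
		panic(err)
	}
	material := append([]byte("fs-demo-v1"), shared...)
	material = append(material, first.Bytes()...)
	material = append(material, second.Bytes()...)
	sum := sha256.Sum256(material)
	return sum[:]
}

// StaticSession: no forward secrecy. The message key depends only on the two
// long-term keys, so whoever later obtains either private key can rebuild it.
func StaticSession(ltA, ltB *ecdh.PrivateKey) []byte {
	return deriveKey(ltA, ltB.PublicKey(), ltA.PublicKey(), ltB.PublicKey())
}

// ForwardSecretSession: each side mints a fresh ephemeral key and derives the
// session key from ephemeral-ephemeral ECDH. The ephemeral private keys die when
// this returns; only the public halves (what a recorder saw) are handed back.
func ForwardSecretSession() (keyA, keyB []byte, ephAPub, ephBPub *ecdh.PublicKey) {
	ephA, ephB := newKey(), newKey()
	keyA = deriveKey(ephA, ephB.PublicKey(), ephA.PublicKey(), ephB.PublicKey())
	keyB = deriveKey(ephB, ephA.PublicKey(), ephA.PublicKey(), ephB.PublicKey())
	return keyA, keyB, ephA.PublicKey(), ephB.PublicKey()
}

// LaterCompromise models the comment's scenario: B's long-term private key is
// stolen after the fact and combined with the public value recorded from A.
func LaterCompromise(stolenB *ecdh.PrivateKey, recordedA *ecdh.PublicKey) []byte {
	return deriveKey(stolenB, recordedA, recordedA, stolenB.PublicKey())
}
```

The stolen long-term key reproduces the static key exactly, while for the ephemeral session it yields an unrelated value, since the secret it would need was discarded with the ephemeral private keys.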