Hushmail implements GPG, though perhaps it does not pass your definition of 'popular'.
Any current implementation of GPG by _web email_ is probably insecure as it would rely on JavaScript cryptography. Perhaps when the W3C passes the browser cryptography draft, and browsers start adding that in, we might see this. But the economics aren't aligned, because popular web email services want to see what you read and write, so they're not particularly motivated to give you strong encryption.
Any current implementation of GPG by _web email_ is probably insecure as it would rely on JavaScript cryptography. Perhaps when the W3C passes the browser cryptography draft, and browsers start adding that in, we might see this. But the economics aren't aligned, because popular web email services want to see what you read and write, so they're not particularly motivated to give you strong encryption.