The only safe way is encryption, from your computer to theirs.
Correct on encryption.
While it’s good to delete all that - once the bits are out there, they’re out there for ever. All the data tracking, logging, etc that happens across all the server hops there is no hope that anything send electronically is private or unrecoverable.
That also means yahoo could most likely figure out who the hacker is...if they wanted too. I hope the FBI/CIA get involved (did I just say that?)
That is better than nothing, but doesn't mean that the system admin of the email server can't see your email.
It's trivial to make a copy of any mail that hits the server and store it elsewhere.