Best practices for sending tax data to and from a tax professional

In this case, using some form of encryption is best. However, the problem with encryption when talking to non-technology professionals is usually twofold:

  • Exchanging the password is often done insecurely, e.g. "send a password in a separate e-mail." Password exchange, if using password protection, should be done on the phone or offline. Also, as you've noted, often passwords are easy to guess.
  • Difficulty of use: Often the user experience of using encryption tools (such as PGP) is so prohibitive, either for the person sending it or the recipient, that security measures are turned off or weakened in order to make it easier.

PDF encryption when using modern PDF software is actually pretty good and uses AES by default, at least in Adobe's implementation. However, if you use a weak password, then those benefits are largely undone.

However, there are some good solutions out there that are easy to use:

  • E-mail encryption plugins: There is various easy-to-use software out there for securing e-mails. An example of this is Virtru.
  • Self-hosted file sharing services like ownCloud: You can set up an instance of ownCloud to securely share files with a link, and expiration dates can be set for files.
  • Hosted file sharing services like box.com: You can share files encrypted with passwords and expiration dates.

I'd recommend suggesting these options to your tax preparation company, so they can avoid potentially costly and burdensome security incidents due to their current practices.
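
An added illustration, not part of the original answer: the point about weak passwords undoing AES-encrypted PDFs, and about exchanging the password by phone, can be made concrete by generating a random password that is easy to read aloud and comparing its entropy with a short numeric one. The function names, the alphabet choice and the guess rate are assumptions made for this example.

```python
import math
import secrets

# Crockford-style base32 alphabet: omits I, L, O and U so characters are not
# confused when read aloud over the phone or copied by hand.
ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"


def generate_phone_password(groups=5, group_len=4):
    """Return a random password in dash-separated groups for dictation."""
    chars = [secrets.choice(ALPHABET) for _ in range(groups * group_len)]
    return "-".join(
        "".join(chars[i:i + group_len]) for i in range(0, len(chars), group_len)
    )


def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random string: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    RATE = 1e9  # assumed offline guess rate, not a measured figure
    password = generate_phone_password()
    strong = entropy_bits(len(ALPHABET), 20)
    weak = entropy_bits(10, 4)  # constructed weak case: a 4-digit number
    print("password to read over the phone:", password)
    print(f"random 20-char password: {strong:.0f} bits, "
          f"{years_to_exhaust(strong, RATE):.1e} years to exhaust")
    print(f"4-digit number: {weak:.1f} bits, "
          f"{2 ** weak / RATE:.1e} seconds to exhaust")
```

The password goes into the PDF tool's encryption dialog and is read to the recipient by phone; it is never sent in a follow-up e-mail.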
