I'm developing a web app. One of the required features is sending emails, in this case using mandrill or mailgun, which works pretty fine.
My question is about the sensitive data as passwords, password reset links and other possible stuff... is this secure to do so through a third-party app? Are you used to do so? Since i'm not a server admin and i don't want to set a mail server for such that things... is that a good and secure option? or how do you handle that?
Best practice is to treat email as an insecure channel.
Passwords should never be sent via email, password reset links should be one-time use only, etc. Mandrill, Mailgun, and similar services make no promises on data security or compliance.