By design, using public key encryption, a secure electronic payment system, or an ATM all come with much less risk than e-mail, which can easily be exploited.
Others may be able to read the e-mails (either yours or the hotels) and obtain your information as long as they have your login information or if your login information was exposed.