Actually the only thing CaCert.org does when issuing an S/MIME certificate is to contact the mail server and check if the mail account exists. Its not like anyone has to show a personal identification for authentication. However below 50 assurance points the CN is named as “CAcert WoT User”. The only real requirement seems to be a valid TLS setup. I dont see why a server that has obtained a valid SSL certificate for web and TLS might not issue S/MIME for this domain as well. One problem might be the expiration period, you don’t want them to run out every 90 days.
The real issue with mail encryption is that its rarely done, like https the era before Let’s Encrypt.