I thought that was a ridiculous concept as there's no possible way an email account would give permission for anything beyond that account, right?
Recall the old saying about assuming?
Two words: due diligence. No one likes having to research and read up but it's each person's responsibility. Granted, the employer should be ensuring that employees are aware of their specific policies on this matter but each of us has to take the initiative to understand what we're getting into. We can't just expect to be spoon fed everything. If you aren't sure, don't know, aren't having any luck with searching, etc then ask.
Shouldn't iOS notify me that this is a possibility?
That's a matter of opinion. It's a slippery slope IMO as iOS can't notify you of every potentially harmful eventuality for every action you take on your device. Where does the line get drawn and why do we use your placement of the line versus everyone else's?
IMO if it's important to you then you should be looking into it. I'm not just preaching here. That's precisely what I do. It's why I've never used company devices for personal use and person devices for company use.
The ability for that to affect anything beyond emails on my phone seemed crazy to me.
Start up a business, allow your employees to have sensitive company data on their devices and then tell us it's crazy. You have to consider more than just your own perspective on the matter. Could there possibly be a less heavy handed approach? Sure but it is what it is.