There are three separate but related issues about the Clinton e-mail server:
1) Via her poor practices she put operational security at risk, demonstrating that she does not have the judgment to hold any position of responsibility or trust. (Though you might think that would be well-established after Iraq, Libya, and Honduras, a lot of people still don't seem to get it.)
2) She violated the spirit, and quite possibly the letter, of federal records retention laws, demonstrating that she has little regard for transparency or oversight.
3) She may have violated laws regarding the handling of classified information.
Clinton faulted on emails by State Department audit (www.yahoo.com)
Hillary Clinton disregarded State Department cybersecurity guidelines by using a private email account and server, an internal audit found Wednesday. Her staff twice brushed aside specific concerns that she wasn't following federal rules.
The inspector general's review also revealed that hacking attempts forced then-Secretary of State Clinton off email at one point in 2011, though she insists the personal server she used was never breached. Clinton and several of her senior staff declined to be interviewed for the State Department investigation.
Earlier this month, Clinton, the likely Democratic presidential nominee, stressed that she was happy to "talk to anybody, anytime" about the matter and would encourage her staff to do the same.