If you modify the source, the AGPLv3 requires you to "prominently offer all users interacting with it remotely through a computer network" the ability to download the modified source. As far as I can tell, that includes anyone who can so much as view the login screen - there's no minimum level of interaction required - which means that even people who are only running Mailpile for their own personal use are affected. It definitely doesn't just affect SaaS providers even though they were the main target of the clause.
Simply running the software does not require me to accept the license. This is explicitly stated in section 9 of the licence. So it doesn't matter what it says in section 13, I don't have to comply with it. If you don't modify the software and don't "convey" it (for which usage is specifically not "conveyance" as per section 0), then there is no exposure to risk at all.
What does trigger that (which you somehow elided from your quote) is modifying the source. I must accept the license in order to modify the code as stated in section 9.
Having accepted the license I have a responsibility to offer the changes to all "users" interacting with it remotely. Very unfortunately, they don't provide a definition of "user". This may be intentional, though. There are legal definitions of the word "user" and it may not be possible/desirable to try to override the term in the license.
IANAL but in my experience, people who gain unauthorized access to software are not defined as a "user". I can't enter into a contract with an entity of whom I am unaware. There is a crucial difference between inviting people (even random people) to use the software and having a system that just happens to be accessible. There is a huge amount of case law on the topic, so if you are really curious I'm sure any lawyer can give you good advice.
