Yeah, it's such an obvious vulnerability, I'm kinda surprised most people here 
don't see an issue with that.


What people are trying to explain is the scenario you describe requires an 
attacker to have root privileges on the target server. If someone has root 
access to a server then your fears are moot and the suggestion to remove code 
logging passwords offers zero protection.

If someone has root they can just read the email storage files, no password 
needed.

If someone has root, and dovecot has no code showing passwords in logs, the attacker can 
build THEIR OWN version of dovecot that "key-logs" all passwords to a remote 
server WITHOUT displaying passwords in the logs.

This is what people mean when they say if someone has root you have bigger 
problems than dovecot logging.
