> I see no reason not to do this in UW imapd (and make a user very happy), but > before I do it I'd like to get a sanity check from the community -- is there > any reason why this might be a bad idea?
In my opinion, it's not a software author's job to tell users what level of security they _must_ comply with. If the author wishes to suggest security, cleartext logins could be disabled by default if the connection is unsecure. However, this configuration should not be mandatory. If you were looking for comments regarding the safety of a localhost connection on a multiuser system, in terms of possibility of compromise/sniffing by other local users: I'm not qualified to say. -- "I never knew words could be so confusing," Milo said to Tock as he bent down to scratch the dog's ear. "Only when you use a lot to say a little," answered Tock. -- Norton Juster, _The Phantom Tollbooth_