---------- vanilla imap is an insecure protocol, unless you only run it in secure mode (imaps, port 993). If anyone sniffs your regular unencrypted imap traffic they will not only be able to intercept your email, but possibly to login to your account ----------
Don't forget about POP, it is no more secure/insecure then IMAP. Both will pass the plain text password and plain textemail. If your already using POP and not concerned about it, using IMAP is not going to be lesssecure. Same with ftp and telnet. Like Eric said, using IMAP with SSH is a very good idea if youare able to. Good example with the SquirrelMail also. My web server is a private IP so to access it from the outside, I tunnel my localhost:80 over SSH to my web server. Using IMAP andSSH is like an information swiss army knife.