Now the Emailpasswords (maybe other too) are saved in plain text.
Is it planed to change this to some sort of encrypt ?
The problem is if your server get hacked it makes a big difference if the get only the md5 hashes or the plain text passwords.
Think > 50% of all End User uses the same Email/Password combo in Ebay/Amazon/whatever too.
The only Reason for plain text password that i know it to get CRAM MD5 working at pop3/imap4 login.
But CRAM isnt used anymore from all big providerer (gmail/gmx) because of this plain text problem.
If the user want encrypt his pop3/imap4 connection than he should use ssl thats real safe.
Think changing to md5() password hashed would very easy.
Maybe as option (Real Password/md5 Passwords) at install time.