[laurenceputra]

what they could have done is to allow users to autoforward their emails over to their servers or something. not impossible, but i'm not their employee and i'm not responsible for thinking up business strategies for them.

so yea. not necessary

[Xylakant]

You can only archive incoming e-mails via autoforward, not drafts and not outgoing email (unless you use their mailservers, which is something completely different). If I want archiving for my e-mails, I have to give up my account credentials. You could actually do sufficient mischief with the archived e-mails, you don't need the account credentials in the first place. That sucks, but it's not their fault, this kind of service is inherently insecure.

Now, if you can demonstrate that this particular company has a particularly unsafe way of storing the passwords or the retrieved e-mails, then you're getting closer to having a valid point.

[thaumaturgy]

So what you're saying is that they should limit their market to those users that can successfully set up email forwarding, solely because storing passwords is bad.

Part of the service they're offering is that they'll restore the contents of your mailbox in case of accidental or malicious deletion. I have

    mail:/var/mail/associatedtechs.com/rob@associatedtechs.com# find . | wc -l
    24846

...almost 25,000 messages in my mailbox. How do you recommend that they restore 25,000 messages to my mailbox without my account credentials?

[laurenceputra]

and by storing the passwords, they are putting their users at risk. and we are in an era where email security means more than anything. it means access to all your services.

they should go think about how they can design a service securely before offering it.

[phpnode]

your argument is similar to: "it is impossible to design a bank that can be kept 100% secure from bank robbers, therefore we shouldn't use banks"