| > The app downloads your emails into their server. They need to do that to back up the emails. The product may not be something you are interested in, but it doesn't mean the execution is flawed. > Yes, they store that actual password. Which is ridiculous. They have to in order to retrieve the emails. Blame the standards! > Yes, good for them for that, but still there are others where they store passwords. And that is not acceptable. See above > But that also means that they outsource the security part of things. > Which doesn't lend faith to the idea that they know about security. > And if someone realises how to control their application, all the passwords will be hacked. This isn't something with a black and white answer and I respect your opinion on this. I personally feel that they may know plenty about security and have decided that this is the most secure option. For example, I wouldn't write my own crypto, because I know enough about security to know how hard it is to do right. |