I set up dovecot and all is well, but before I decide that maybe I will set something up outside of my network, are all passwords secure?
Default POP3 uses plaintext passwords. The Dovecot author was working on adding the APOP command which implements a challenge-response encryption exchange so that the password is never passed in cleartext.
Another solution is to use TLS or SSL to encapsulate the connection. You can then use plaintext passwords within the SSL tunnel.
