I think it would be good to have a toggleable Runbox account option that would let a user make it impossible to login-to / interact-with their runbox account via a non-encrypted connection (e.g. non-encrypted POP, SMTP & FTP).
I tried out a new email client recently and I’m pretty sure that during the account setup phase, the software interacted with my account over an unencrypted connection. It was only after the account setup phase that I was able to reconfigure the account and activate encrypted connections for both IMAP & SMTP.
This result of the above is that some emails were sent without encryption over the Internet and possibly my password was too. This wasn’t a practical problem for me this time round, but I’d like the ability to stop this happening in the future.