Comment by martinald

2 years ago

Yes I know but saying TLS is 'plaintext' is completely silly. It's like saying your credit card number is transmitted in plaintext when you do a TLS ecommerce transaction.

I do understand the point that the article is making, but implying that TLS is equivalent to plaintext is just plain hyperbole. What else can Microsoft do (assuming they want to do this feature)? Encrypt it again on the client side, then put it in the TLS tunnel? It's just double encryption at that point. They need the password.

FWIW the number of users still using unencrypted IMAP is often pretty high in Outlook or Apple Mail. Now that is a security issue. Try using a Wi-Fi packet analyzer at a large conference. I bet you'll see multiple or even dozens of plaintext IMAP passwords going through the air.