$Id: SECURITY,v 1.1 2000/05/03 07:44:56 jakob Exp $

This port is not safe to use on a system which does not provide shell
access to users who can retrieve mail via IMAP. imapd contains buffer
overflows which a user can exploit after they have logged into imap to get
access to their account on the machine. If your imap users have shell
access anyway, this is not a significant vulnerability. There is also a
vulnerability wherein local users can prevent arbitrary POP2/3 mailboxes
from being opened, and force IMAP mailboxes to only open read-only.