I've been using Mail.app with an IMAP account for some time and always wondered why it basically loaded the entire folder structure of my web site into its folders.
Anyhow, today I finally decided to investigate, and what I found was very disturbing. I have given various people email accounts with my domain and I had complete (ie. no password) access to these accounts. they were sitting their in my folder structure and I could view the entire messages.
To me this is a huge bug. It doesn't happen in Outlook or entorouge on Mac or PC. Now I would also point out that the accout I am using is the main/default account created with the web site, and I have yet to verify how Mail handles IMAP for the extra email accounts I create, but nonetheless this is a huge security hole.
anyone confirm? agree? disagree?