I noticed that whenever you set up a new mail account that as soon as you enter the server and the account password, Mac Mail tries to connect to the mail server (i.e. where your email account is hosted). However this connection occurs before you can set the SSL option. So it looks like the initial connection transmits the mail account password as plain text.

It looks to me like all Apple devices (i.e. iPhones, iPads, Mac Computers) use basically the same process, and appear to be trying to make an initial connection to the mail server without using SSL.

This seems like a very insecure configuration. If this is in fact what is happening (and I don't see any evidence to the contrary) then this is a pretty major security flaw. It would mean that users of Mac Mail applications could easily have their passwords read by their ISPs or anyone else who had access to the line during that set up phase.

Any security experts care to comment.