Comment 7 for bug 24220

David Mandelberg (dseomn) wrote :

I think this is more of a problem than it seems because it allows a
monkey-in-the-middle attack. The mitm could make the client think the server
doesn't support non-plaintext authentication, steal the password, and let the
rest of the communication pass unchanged, so the user wouldn't notice anything
unusual.