Comment 73 for bug 24220

But the user doesn't care whether the "authentication mechanism" is secure. He cares about whether the authentication process is secure. Is PLAIN/LOGIN over TLS secure in the sense that the password is protected? If so, we should treat that situation as secure. And I personally would like to know the answer to this question, still. ;)

If we want to insist that this checkbox just refers to the authentication mechanism, I think the UI needs significant rewording to make it clear exactly what that toggle toggles. Right now it sounds like if you uncheck this checkbox your password is sent in the clear on the wire.