iamthekingofthesees writes: Slashdot recently covered Yahoo! Zimbra Desktop's exposing authentication information. It turns out that other Yahoo! applications are affected, although to a lesser degree. Yahoo! is one of the lucky few default e-mail providers on the iPhone; sadly it looks like Apple didn't insist on encryption from Yahoo! On the iPhone, authentication is encrypted, but you can see all the messages sent and received in plaintext. Incoming messages are downloaded in plaintext over the standard imap port. Outgoing mail is a bit harder to find, it is apparently sent by an HTTP post request wrapped up inside a bundle of XML, but security through obscurity isn't very effective. Yahoo! & Apple really need to step up their game when it comes to encryption.