Take the closed-source API client. How does it ‘make reasonable efforts
to prevent and discourage other API Clients from using your
credentials’? It's not shipping source, but does embedding it somewhere
inside an ELF executable count as reasonable? I disassemble machine
code a lot, so perhaps it's only reasonable if they make some effort to
disguise it?
I can't argue that it's NOT bullshit. I suspect the writers of that are
used to apps on phones or tablets, where it's much harder to get at the
actual executables.
Getting back to the ORIGINAL thread ... regarding JMAP, I have no
objections if anyone wants to work on adding it to nmh. But AFAICT,
the same security issues exist with it as they do with IMAP in terms
of API keys. Just in terms of protocol coverage by email providers,
IMAP is the obvious choice.
--Ken