“The major disadvantage of PLAIN text passwords on the server of course is that they are readable. Even if your communication with the server is encrypted it is troubling to have readable passwords on the server. You can easily change this by using the dovecotpw command and creating encrypted passwords.”
How To Create Virtual Accounts with CRAM-MD5
Submitted by a_weber42 2009-11-10 Privacy, Security 3 Comments
MD5 is not sufficient for any situation where there could be an adversary. http://www.mscs.dal.ca/~selinger/md5collision/ Use SHA-256 or the like. MD5 can only be useful when checking for errors when no attacker is suspected.