The instructions say to use SSL/TLS and unencrypted passwords. Is it possible to add encrypted passwords on top of SSL/TLS? (belts and suspenders for the paranoid)
I’m not sure what you mean. If you use TLS your password is encrypted by definition.
Thunderbird, and perhaps other clients, allows encrypted passwords in the pop/imap server settings. This apparently is intended for for servers that don’t provide SSL/TLS, but could in principle apply on top of SSL/TLS. Apparently it’s extremely rate to find it with SSL, however.
I’m unfamiliar with the setting in question (at least as stated), but in theory it won’t really matter how your email client stores the password. A well designed email client should always be storing it encrypted, and that won’t be dictated by our service. When it submits to the server over an SSL connection, it has to submit the password in an encrypted form or it will fail. The only way to submit it successfully without encryption would be to use an unencrypted connection (ex. port 25 without starttls).