I've never really heard a lot about security issues with IMAP. I do know that Yahoo, Gmail, Outlook are using OAuth2 for authentication. So far I've been able to avoid using that. My email client didn't have the capability to use that at one point. Now it does, but enabling it seem like a pain in the rear.
With Yahoo I have to use App Passwords for all of my accounts; two IMAP two POP3. Also the same with AOL, I have one account, connected via POP3 and IMAP (testing).
With Gmail I have to turn on "Less secure app access" in Account, Security. They remind me all to often that I have the enabled and recommend I turn it off. That's not going to happen.
So far I have been hit with 2FV yet. I Have two gmail accounts. One setup for POP3, one for IMAP. I have never been asked to add an App password with Google.
Outlook I have four accounts, all are POP3 and all are working normally.
I am guessing eventually I will have to configure for OAuth2.