Description
PLAIN authentication sends passwords in the clear - in general this should not be used over communication channels which are not themselves encrypted.
For any given authentication provider we should allow the user to set the subset of SASL mechanisms which should not be offered if the attempt to authenticate is not occurring on a secure channel.