PLAIN authentication sends the password in cleartext. RFC3501 encourages servers to disable cleartext authentication until after TLS has been negotiated. RFC8314 recommends TLS version 1.2 or greater be used for all traffic, and deprecate cleartext access ASAP.
PLAIN can be secured by TLS encryption.
# File net-imap-0.2.3/lib/net/imap/authenticators/plain.rb, line 14 def process(data) return "#@authzid\0#@username\0#@password" end