I was reading this in the zimbra Blog and started wondering how this could be done without user authentification.
So just tried http://myserver/zimbra/username/inbox.rss and I got a xml file containing my inbox's emails (See screenshot) without a single password!!!!

I didn't see any Admin option for enabling/disabling it, so I guess that is open by default.

This is a big breach on Zimbra security access. Why Zimbra want secured IMAP by default if inboxes can be reached without passwords?

The blog entry is quite old and I didn't see anything else about that on Forums or Blog. Anybody knows what happen with this???