First off, our new zimbraserver rocks. Hands-down straight-up rocks. I've run everything from sendmail to exchange, and zimbra has them smoked. Thanks for the effort developing it, and double-thanks for showing the world how FOSS can be the foundation for a viable business model.
With regard to the URL hover, I've got some concerns about it. First off, Alexa/A9/whatever has a bit of a reputation problem, and while I'm neutral as far as opinion on this goes, it is something I take into account. It should also be noted that the blacklist we obtain from a trusted source for our squidGuard filtering proxy classifies alexa.com as "spyware."
More importantly, we are a school district, so confidentiality is a legal requirement as well as an ethical neccessity for us. It's something I take seriously.
What i'm concerned about is what data is leaking from clients when the hover is called up. What is going out? is it a "give me foo.com picture" or is it "give me foo.com/sessid?something_important_that_shouldnt_be_in_a_U RL_but_is_anyway?" And if needed, how do I disable the URL hover from the admin console?