If I use IMAP for the contact form, I have to insert the password. This is sometimes inconvenient for customers because I know their email password. Is there a better solution in the pipeline? Or could the mail() script be made more secure (mail header injection, honeypot, locally loaded math captcha etc.)?