-Fetchmail's POP3 client implementation however has happily accepted
-random garbage as a POP3 server's APOP challenge, rather than insisting
-that the APOP challenge conformed to RFC-822, as required by RFC-1939.
+APOP should no longer be considered secure.
+
+Additionally, fetchmail's POP3 client implementation has been validating
+the APOP challenge too lightly and accepted random garbage as a POP3
+server's APOP challenge, rather than insisting that the APOP challenge
+conformed to RFC-822, as required by RFC-1939.
+