To this end, I would like to point out[0] the following best practices when using a fundamentally insecure application like Mailman over a fundamentally insecure protocol like SMTP.
- Don't use a password that matters to you - in fact, Mailman will generate a random one for you if you omit it when signing up.
- Don't use an email address that matters to you - create a new one. I have Gmail invites [link|mailto:peter.whysall@gmail.com?subject=I'd like a Gmail invite|available] if this is problematic.
- Er, that's pretty much it.
Short of doing everything over SSL, there's not much that can be done to address Drew's original point.