We've thought of that, so instead you can encrypt your SMTP credentials, and lock it to a single domain, and pass a secure token instead of the credentials instead