I noticed that when I set up custom SMTP, the username is not encrypted and is exposed in my open source app. This is not the end of the world (I have workarounds) but this should be encrypted too. I use Mailjet and the SMTP username is the Mailjet API key.
2 Likes