Easy account sync between devices is a good enough reason for me. It can be implemented securely, so in general I don't see a problem. Hey, Google Chrome syncs saved passwords, online password vaults like LastPass do this too, are they security-incompetent too?
Don't know what hash function and encryption they use, but I think it's possible to pick/configure them so that brute-forcing even 6-character passwords is impractical.
If you're willing to gamble your imap password on their undocumented process then that's fine.
I posted my warning because I think most users are not even aware that they're sending their password to inky and the implied risk. Also inky does nothing to educate them (a handwavy marketing-blurb buried in the FAQ does not count).
Sorry but comparing inky to LastPass and Google is laughable. Google is trusted because it's Google. LastPass is trusted because their process is extensively documented. If you plan to casually juggle your users crown jewels for a convenience-feature then you'd better fit into one of these two categories.
