Taken from http://neomail.sourceforge.net/#qna
Q. NeoMail is insecure! It sends passwords in plaintext! Why didn\'t you implement SSL in it?
A. Because that isn\'t my job.
Seriously, though, a CGI script isn\'t responsible for handling SSL, that\'s handled by the web server it runs under. All links within the NeoMail web pages are relative links, thus, if installed on an SSL-enabled webserver, such as apache-ssl, NeoMail won\'t take your clients out of SSL mode by specifying a link as http:// instead of https://.
Hope this helps ;-)