Depending on the service it may be that the password is always clear text. By default most POP servers are clear text unless you're going to the secure authentication ports to do it. FTP is always clear text for passwords, as are IRC and several other commonly used tools. I'm not saying that's a good thing, just that it may not be entirely the apps fault. If a service is truly security aware they won't accept login credentials in a non-secured way to start with, so the apps would have to hash or encrypt credentials.