The SquirrelMail package, in and of itself, is fairly secure. It is well written and does not require JavaScript to function. However, there are a few precautions that may be taken to allow SquirrelMail to run as a secured mail handling solution.
Have an SSL connection: By using an SSL connection, you may be certain that all communications will be encrypted, and so usernames, passwords, and confidential data cannot be intercepted during transmission. This may be accomplished through the installation of the Secure Login plugin. Obviously a web server configured for secure SSL access will also be required; certificates will most likely need to be generated or acquired.
Time out inactive users: Users may leave themselves logged in and neglect to log out once they are finished. To fight this, inactive users should be logged out after a certain amount of time. The Timeout User plug-in accomplishes this.
Fight "Remembered Passwords": Many modern-day browsers offer to...