Could you elaborate on the "some security" part?
I mean, there's a difference between not wanting cleartext logins or encrypting the whole login/data stream. APOP doesn't encrypt the stream, which SSL does. Another pro for SSL is a lot of MDA's/clients support it, and its able to wrap POP, IMAP etc etc.
On another note, a "secure" protocol doesn't automagically mean secure applications.