With standard POP, your user name and password are sent in plain text over the network when you check for mail and can be intercepted by a malicious third party. APOP uses a shared secret that is never exchanged directly but only in an encrypted form derived from a string unique to every log-in process.

