Well, the account credentials would stay in the local client wouldn't they? There is no hosted web version of this (yet!) and no central server so there is no one to leak credentials to. The only receiver of the credentials would be your email provider, and you are already sending them that in your normal email client.
Uh, I don't think IMAP is generally blocked on iOS? Anyway, end-to-end encryption seems to depend on the email provider being able to support IMAP. So Hey.com is out but gmail can work if you enable IMAP support for example.