Today has been an extremely busy day here at Mobilitics and lots of questions have been asked about the Nokiagate, both in post comments and private mail. Let me answer all of those at once.
Yes, Nokia is very much aware of this. I have made a report and they are working on this. Someday they will come out and give comment.
I am not talking here about Nokia Messaging or any other service they are providing. This case is about acessing your mailbox using IMAP without any extra middleware. You input information to connect to your email account and that information goes to Nokia's server. When the deployment server has tested that your account details are OK, information comes back to your terminal and the account is created. Now communication happens between your terminal and the actual email server just as it should.
Having said that, now it must be clear to everybody that Nokia's server is actually logging in to the email account when verifying the credentials. Test sequence includes logging in to both incoming and outgoing services - if that fails, client will prompt you to check credentials. If you want to verify this, you must be able to investigate traffic coming to your email servers.
Yes, according to my tests the verification server is located outside of the European Union, which means that your credentials are also there.