Well you would be dumb to give it anything but unique per-device credentials to a working SSL-enabled SMTP server.
For non-techy home or SOHO users, they're likely using smtp.gmail.com with their gmail creds though. Would not be unresonable to dedicate a gmail account just for scan to email IMHO.
> For non-techy home or SOHO users, they're likely using smtp.gmail.com with their gmail creds though.
That's exactly what I'm worried about. Obviously there are ways to do it safely (and gmail actually I think might even force them), but I have very low expectations of a lot of the userbase (not a dig at them: the tech isn't exactly set up to make the easy thing safe).
