If you run the IMAP server logged in as a non-root user, it will be
preauthenticated as that user.  This has two consequences:
 1) it cannot log in as any other user
 2) there is no login or other security step; the client can immediately
    do arbitrary access to the user's mail.

Consequently, you only want to run the IMAP server as a non-root user if
you have some other authentication/authorization means in place external
to IMAP.  For example, one such means is
        ssh imapserver exec /usr/sbin/imapd
since ssh implements authentication and authorization itself.

I do not know how SquirrelMail works; you should probably check with its
author to find out if it even supports access to a preauthenticated IMAP
server (and if so how to set up the ssh or whatever link to do it).  Most
IMAP clients do not.

You are on the wrong track about "write temp files to dirs owned by root";
although the /tmp directory is owned by root, any user can write to it.

-- Mark --

http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
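
Added example, not part of the original message: a preauthenticated server announces itself in its first line with `* PREAUTH` instead of `* OK` (greeting forms per RFC 3501), so a client or a deployment check can tell from that line whether a login step exists. The sketch below classifies a greeting and applies the rule from the message above, that PREAUTH is only acceptable when something external such as ssh has already authenticated the user; the function names, the `transport_authenticated` flag and the sample greetings are constructed for illustration.

```python
import re

# Greeting: "* OK|PREAUTH|BYE", optional "[response code]", optional text.
_GREETING = re.compile(
    rb"^\* (OK|PREAUTH|BYE)(?: \[([^\]]*)\])?(?: (.*))?$", re.IGNORECASE
)

_STATE = {"OK": "not-authenticated", "PREAUTH": "authenticated", "BYE": "logout"}


def classify_greeting(line: bytes) -> dict:
    """Return the connection state implied by an IMAP server greeting."""
    m = _GREETING.match(line.rstrip(b"\r\n"))
    if m is None:
        raise ValueError("not an IMAP greeting: %r" % line)
    cond = m.group(1).upper().decode()
    code = (m.group(2) or b"").decode()
    # A greeting may carry the capability list as its response code.
    caps = code.split()[1:] if code.upper().startswith("CAPABILITY") else []
    return {"condition": cond, "state": _STATE[cond], "capabilities": caps}


def check_transport(line: bytes, transport_authenticated: bool) -> str:
    """Decide what to do with a connection, given how it was reached.

    transport_authenticated is an assumption of this example: True when the
    byte stream comes from something like an ssh session, False for a plain
    network socket.
    """
    state = classify_greeting(line)["state"]
    if state == "authenticated" and not transport_authenticated:
        return "reject"          # mail is open to anyone who can connect
    if state == "authenticated":
        return "skip-login"      # session already runs as the server's user
    if state == "logout":
        return "closed"
    return "login-required"      # normal case: LOGIN or AUTHENTICATE next


if __name__ == "__main__":
    # Constructed sample greetings.
    for raw, via_ssh in [
        (b"* PREAUTH [CAPABILITY IMAP4rev1 IDLE] Pre-authenticated user alice\r\n", True),
        (b"* PREAUTH Pre-authenticated user alice\r\n", False),
        (b"* OK IMAP4rev1 server ready\r\n", False),
    ]:
        print(check_transport(raw, via_ssh), classify_greeting(raw))
```
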
