Well, that is exactly what I want to do. I use the system passwords for imap anyway, so why not? Of course, the channel must be protected by SSL/TLS when you do that.
Because there are a large number of IMAP clients that are not aware of LOGINDISABLED, and which will blindly attempt LOGIN or AUTH PLAIN in the absence of TLS (which they are not aware of, either). Many IMAP clients predate RFC3501. So those passwords (with the matching authentication ids) are going to be flying around the Internet in the clear no matter what you do. Using the UNIX account password for IMAP (or POP) in this manner makes your system effectively password free.
--lyndon Specifications are for the weak and timid!
