JPCERT/CC and IPA(
APOP is a protocol for authentication for POP3.
APOP uses md5 hash to check password.
hash protocol MD5 has collision for his hash.
If APOP hash tapped and stolen hashes, a malicious person might decipher it.
This problem causes from MD5 collision not only APOP.
but also If system uses MD5 same problem occurs.
http://d.hatena.ne.jp/shikap/20070419#p1)shikap said that
Almost everyone is uses POP, and APOP are only encrypting only password.
But receiving mail is still plaintext in POP protcol.
On this occasion, you might be shift to "POP over SSL".