Don't allow plaintext passwords to be send
Don't allow gajim to send <password> while authentification, but rather <digest> by default.
Then provide an additional config entry "allow plaintext login" or the like.
Since this is a security issue, setting priority to high. As the impact is rather big (a stolen jabber account), I set the secerity to critical.