Account preferences: ability to enforce TLS
Because a potential Man-in-the-middle can remove any <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/> from <stream:features/>, it would be advisable to optionally "enforce TLS", thus denying any authentication in non-TLS mode.