I'm developing a mail client in PHP for a customer, and they want the ability to handle all of their various email accounts from this single client.
The user should not have to type all passwords every time he wants to use the service, and thats my problem. Is there a way to retrieve and send mail through Gmail without entering the password to the mail account? Is there some other way? Or must I save the passwords in my database with some encryption and decrypt it with a "hidden" key?
https://developers.google.com/google-apps/gmail/ Read the OAuth section.
OAuth gives you a token, instead of a password. Even if the user changes his gmail password, said token would allow you to access his inbox and such.
As for Hotmail... i think no OAuth API is out there, sadly.
Read this just in case: http://msdn.microsoft.com/en-us/library/live/hh826535