Fixed for me.. Thanks Chuck.

Should be fixed in CVS now.

I just tried a basic META REFRESH from an https url to an http url and 
I did not get the warning.  I don't know if something like that is 
possible or maybe some javascript redirect code?

No, this is something different. They are talking about POST 
redirects, but we only do a GET redirect. The problem is that we 
redirect from an https address to an http address.

Jan,
  I have read a few people have gotten around this by using a 
javascript redirect of some kind, which is I think what hotmail uses, 
not sure though.
Here is something I found, not sure if it will help:
http://ppewww.ph.gla.ac.uk/~flavell/www/post-redirect.html
What are your thoughts?

Exactly. Did you find out if other redirects (with different response 
numbers perhaps) don't trigger this warning?

I've looked at hotmail and gmail and they both seem to just encrypt 
the login session, while everything else is plain http.  In digging 
for some answers, I came up with the fact that IE will issue this 
warning when a "page moved" request is made from ssl to non-ssl.  Is 
this how redirect in imp works?

AFAIK, this is something that only can be turned off in IE. I suppose 
other sites simply stay in HTTPS mode after login.

When using use_ssl=3 and IE, the user gets a dialog box that warns the 
user that they are being redirected to an insecure page.  This occurs 
when using IMP for authentication.  This does not happen on firefox.   
Other webmail sites hotmail, gmail, etc... seem to implement this w/o 
this warning box.  Not sure if this would be considered a bug or 
enhancement.  Is there any way to get rid of this while using IE?