The problem, of course, is that the password must be sent in plain text to the mail service. That means that it must be convertible to plain text by calibre. That means that if the password is stored encrypted, the decryption algorithm will be plainly visible in the code. That means that no matter what is done, the password is not secure. So why bother?
The same argument is used against DRM. Why do it, because it can be cracked? The publishers are hoping that the buyers are ignorant.