If you used any IMAP accounts (not from Google), you would need to enter the password. And Spark will quietly send it to "the cloud" and keep it there, with servers accessing your mail whenever they please. This is kind-of mentioned in the Privacy Policy, but in a way that wasn't clear to me at all.
I found this unacceptable, so I can't use Spark, which I regret. I also lost trust for Readdle, so now, even though they make great apps, I am extra careful with handing them any sensitive information.
Storing the IMAP password is basically the same as storing the Gmail OAuth token in terms of access control, not sure why you think storing one is more evil or scarier than the other.
AFAIK Spark’s push notification service relies on checking for mail server-side (so that they don’t drain your battery with constant background refreshes, I suppose?), so I wouldn’t consider it sneaky.
Not sure, but I guess you can revoke an OAuth token and nothing changes for other apps (and you) on the Gmail/Google account side. On the other hand, if you have to change password...
