What can be done to protect users from confusing password prompt dialogs...

Apple actually took a step toward addressing the problem by suggesting that instead of dialogs, prompts be handled by Sheets.

Sheets

Sheets have the benefit of being tied to a specific window. This approach could be enough to solve the problem, and in fact my proposal is in a similar vein. The problem with using sheets for both mail passwords and HTTP passwords is that it presents the two as the same kind of request. And while you at least let the user know which window really needs the password, you're still back to the problem of explaining to the user why it needs a password. And you have to do it without expecting the user to read the sheet.

My view is basically that we don't want to throw up dialogs for this stuff.

If you need a password for a mail server, then Mail should focus the folder list and visibly attach the password request to the mail server.

If you need a password for an image, then there should be a password prompt (not a dialog) in the email near the image placeholder.

Should the prompt be visible as the page loads?

Perhaps not; instead, a "password required" image would show in the placeholder, and the prompt would appear when the user selects or hovers over it.

Questions to think about:

If you saw a password prompt inlined in an image, would you trust it any more than the email?

Response from a clever developer:

What if the image is 1x1? The inlining would not be obvious.

So how would it work?

You'd see an email, and then where there was a 1x1 image, Mail would try to render a "password required" prompt. For sized images the prompt would be cropped to the dimensions of the image. For a 1x1 image, there would be a dot. So you really wouldn't be bothered by it :).

The "password required" image placeholder would be hot (clickable). Clicking/selecting it would expand the prompt to its full size. The prompt would float above the rest of the mail content but would live within the content area, so it would scroll with the content and would be covered by anything that covers the window. Dragging the window would of course drag the password prompt, since it's part of the window content.

So... If you do manage to select the icon or click it, you would see something like this:

.___________________________________________________________________________.
|    | This image requires a password, the email says that it will be 1x1.  |
|o-+,| The resource URL is: <http://129.129.129.129/something.jpg>          |
|____|                                                                      |
| Remote Host: 129.129.129.129                                              |
| Resource: /something.jpg                                                  |
| Username: [                       ]                                       |
| Password: [                       ]                                       |
| <Show Image> <Hide Image> <Trust ?>                                       |
|                                                                           |
| If you aren't sure whether you should trust this prompt you may click the |
| Trust button to see a traditional password prompt. Please check the       |
| Mozilla Help Index under "Images, Trusting Inline" to see what this       |
| prompt should look like, what it means and how to verify that it's a real |
| prompt from Mozilla Mail.                                                 |
|___________________________________________________________________________|

For bigger (and therefore more important/useful) images you'd have a better chance of seeing that there's content which is password protected.

The developer suggested a big red /!\ but in fact that's the problem: it gives the request too much authority. The goal is to make the prompt look less like a system dialog and more like it came from the email itself.

The developer is still concerned that people might "blindly fill in their mail password".

But the question is: would they, would you, enter your email password into an HTML-like form inlined in an email from an untrusted source?

My hope is that if it's essentially an HTML-style form in an email, you would really think twice before entering your Mail/News password.

Mail Server Passwords

So I've proposed changing how Mail allows users to enter passwords for web resources, but what about mail server passwords?

Well, today Mail tosses up a dialog which looks too similar to all the other dialogs.

Let's actually look at the SMTP auth dialog, because it's by far the worst case. Normally, a dialog is at least associated with a window so that the user knows its origin. When you send a message and Mail needs your SMTP password, the main mail threadpane window opens the dialog instead of the compose window. Talk about confusing :(.

So what should happen?

Well, basically a sheet-like password prompt. The password request fields should probably extend from the Send Message button toward the far side of the mail compose window [the menubar on Mac OS X is of course not part of the window]:
+=+===========================================================================================+
|#| Plans for Spring Break - Composition                                            [_][O] [x]|
+-+-------------------------------------------------------------------------------------------+
|/| File Edit View Options Tools Window Help                                                  |
+-+-------------------------------------------------------------------------------------------+
|/|[ Send ] | [ Address ] [ Attach ] [ Security |v] | [ Save ]                           [ M ]|
+-+---------------------------------v-----------------v---------------------------------------+
|/| From john@example.com           | Attachments     | Sending Message ... Password Required |
|/| To: jill@example.com            | (none)          >---------------------------------------<
|/| CC: jane@example.com            |                 | Identity:    [ john@example.com   |v] |
|/| Subject: Plans for Spring Break |                 | SMTP Server: [ smtp.example.com:25  ] |
|===================================^=================| User Name:   [ john                 ] |
| Hello,                                              | Password:    [ ********             ] |
| I'm going to the beach from Friday through Tuesday. | < Cancel >   < Login & Send Message > |
| Would you like to get together on Wednesday, maybe  >------------------vvv------------------<
| we could have a picnic?                             | Connected to smtp.example.com:25    |^|
|                                                     | 220 smtp.example.com ESMTP Sendmail |H|
| John                                                | EHLO smtp.example.com               |||
|                                                     |<[======]--------------------------->|v|
+-----------------------------------------------------+---------------------------------------+
| o o o o o o |                       | Size: 4 lines | Signed: [ john@example.com |v] | ->>- |
+=====================================================^=======================================+

Would normal users want to see the actual SMTP session?

Probably not, but the space available below this panel would otherwise be lost, and trapping grey/whitespace in the window won't look great. Showing the transcript would allow the user to copy any error message and actually read the real error message if an error occurs. Clicking 'vvv' would collapse the connection details, and the choice would be remembered. By default the connection transcript would be collapsed; there might be a Details button which would show it.

Getting New(s) Messages

So if the idea is to clearly associate password prompts with resources, how would you tie a password-protected mail server or folder to the prompt for the password that unlocks it?

Well, normally when you want to read mail you're in the main mail window. The main window has a folder list which contains all of your mail/news servers and their folders. If you choose to get mail, you get a dialog which asks for a password.

So what would this look like?

._Mail folders_____/_H-Thread Pane here-
| user@localhost____.H
| |protocol: IMAP   |H
| |server:localhost |H
| |username: user   |H
| |password:[******]|H
| |<Login> <Trust ?>|H
| |<Config> <Cancel>|H
| |_________________|<
|-user2@mail         <
| |i Inbox           <
| |o Outbox          H
| |s Sent Folder     H
| |t Trash           H-Message Preview Somewhere over here-
| |- Other           H
| || Humor           H
| |\ Something       H
| \+ Stuff           H
|____________________H

What does this do?

It ties the prompt to the resource and allows the user to decide when to respond to the request.
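The two prompt classes this page keeps apart, an account password anchored to its folder-list entry (the mockup just above) and an inline-resource password anchored to the image placeholder (the "Getting a 1x1 image" section earlier), modelled as an added JavaScript example that is not code from the original page or from Mozilla Mail; the account record, the full-size prompt dimensions and all function names are assumptions.

```javascript
// Added example, not from the original page. Models the two credential-request
// kinds the text separates so that they never share a prompt shape.
// PROMPT_W/PROMPT_H are an assumed full-size prompt in character cells.
const PROMPT_W = 76, PROMPT_H = 14;

// Request for a configured mail/news account: anchored to its folder-list entry.
// `acct` is an assumed record shape { protocol, host, username }.
function accountPrompt(acct) {
  return {
    anchor: "folder-list",
    title: `${acct.username}@${acct.host}`,
    fields: { protocol: acct.protocol.toUpperCase(), server: acct.host, username: acct.username },
    buttons: ["Login", "Trust ?", "Config", "Cancel"],
  };
}

// Request from a remote resource embedded in a message: anchored to the image
// placeholder, cropped to the declared image size, and a bare dot for 1x1 images.
function inlinePrompt(resourceUrl, width, height) {
  const u = new URL(resourceUrl);
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    throw new Error(`unsupported scheme for inline credential request: ${u.protocol}`);
  }
  const croppedW = Math.min(width, PROMPT_W);
  const croppedH = Math.min(height, PROMPT_H);
  return {
    anchor: "inline-placeholder",
    origin: u.hostname,                 // shown as "Remote Host", separately from the path
    resource: u.pathname + u.search,    // shown as "Resource"
    notice: `This image requires a password, the email says that it will be ${width}x${height}.`,
    cropped: { width: croppedW, height: croppedH },
    isDot: croppedW <= 1 && croppedH <= 1,
    buttons: ["Show Image", "Hide Image", "Trust ?"],
  };
}

// Single dispatcher: an account request and an inline request go to different renderers.
function promptFor(req) {
  return req.account
    ? accountPrompt(req.account)
    : inlinePrompt(req.url, req.width, req.height);
}
```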

How would mail inform the user that there's a password request pending?

Perhaps some animation/flashing, and probably a message in the status bar. Since the request will almost always be in response to a user action, it would be OK for the panel to take keyboard focus.

But what if the user doesn't like sidebars because they cause documents to reflow?

Well, for one, I'd put the folder list on the right-hand side, but if it's on the left-hand side and collapsed, then the prompt should cause the folder list to appear but float over the thread/message panes so that it wouldn't cause them to shrink or reflow.

Browsing the web

Images and other resources that require authentication to load inline could be treated the same way as I proposed for MailNews:

| This image requires a password, the page says that it will be 1x1.
| The resource URL is: <http://129.129.129.129/something.png>
|
| Remote Host: 129.129.129.129
| Resource: /something.png
| Username: [                  ]
| Password: [                     ]
| <Show Image> <Hide Image> <Trust ?>
|
| If you aren't sure whether you should trust this prompt you may click the Trust button to see a 
| traditional password prompt. Please check the Mozilla Help Index under "Images, Trusting Inline" 
| to see what this prompt should look like, what it means and how to verify that it's a real prompt from 
| Mozilla Browser.