The biggest problem with every migration tool I've ever tried is they all do a very poor job of reconciliation. I've even used a few that incorrectly report success for partial (aka broken) migrations.

The MS365 IMAP migrations are a good example of poor reconciliation, but at least they give you total message counts if you're paying attention. What I'd really like is a tree view of the old mailbox vs the new mailbox with read/unread message counts for every folder.

1. Change password of each account

2. Enter credentials into tool

3. Wait for process to complete

4. Check process completed successfully

5. Change passwords of each account back to what they were (or new passwords)

This at least minimises the window of malfeasance. There's no guarantee, however, that said untrusted tool doesn't also syphon all mail off into its own data-mining database.

Things will probably get better as more providers have support for OAUTH2.

But still you allow someone else to see your mail.

Best case is that the destination provider have support for the migration such that you can import directly in your new mail.

Or IMAP support inside the browser!