It appears the new secured model involves the need to have Indigo do a handshake with Google directly with their Web API's. I never would type my password into Indigo, rather I would be redirected to Google's login page, would would then give Indigo a token to use.
I believe the I read that the official requirement is that the application accessing GMail use OAuth 2.0 -- I would assume that is not a simple flag on the client object being used by Indigo, but it could be... I don't
believe you would have to go to the web with a client supporting that, though if using two-factor authentication (and why would anyone not
) then would need to provide an application password if OAuth were implemented. Could also easily be added via a plugin if anyone desperately wanted GMail sending bad enough.
Adam