The getmail faq suggests running getmail from cron, as if this is a suitable substitute for fetchmail's dæmon mode. It's not -- you can't run it from cron without storing the password somewhere on disk, while fetchmail in dæmon mode can be given the password once at startup and store it only in memory. If I could authenticate to an Exchange IMAP server using Kerberos, that would be an even better alternative.
Upstream feedback: This is user misconception about security; it was discussed thoroughly on the getmail mailing list a long time ago. Essentially, the user who filed this one thinks that it's somehow more secure to have your mail password in memory instead of on disk between retrievals of mail. That however is wrong; it's exactly as secure one way or the other. All you need to do to be as secure as you can be is ensure your getmail rc file isn't group or world readable; then no one can steal your mail password out of your rc file. If an attacker has root privileges or steals your identity, they can retrieve your mail password from disk or from memory equally easily. You can get more information on the mailing list archive over here: http://pyropus.ca/software/getmail/documentation.html#mailing-list-users-archive.