We've just made a change today so that if you go to the Options –>
Account Preferences screen and change your password, or disable IMAP or POP logins, then we will immediately close any existing open IMAP or POP connections.

This security enhancement is particularly useful if you have a mobile device that is lost or stolen. By changing your password via the web interface on another device/computer, you will immediately force any existing IMAP/POP connections to be logged out and prevent any further logins from that device because the password will no longer be correct.

We also plan in the future to allow expiring web sessions from other machines as well. We'll announce on this blog when that feature is ready.