LMTP AUTH security exposure?

[Vincent Fox]

So I want to do LMTP between an MX pool and Cyrus backends.

The common way I read about doing this, is with a shared LMTP
account from MX pool to backends.  So it becomes a postman sort
of account with the password in plaintext in various places and of
course transiting the network that way.

Is there any way to do this with certs instead?

If I set "allowplaintext: yes" for this purpose, well I've just
enabled it for general users also right?  Which brings up a
whole 'nother set of issues.