Thunderbird work is all about leaks these days, of various kinds:

• A study at CMU to test an extension that suggests people you might have forgotten to include in an email, and whether you might be leaking something to people you didn’t intend to include (via Shawn Wilsher),
• A related post I’ve been meaning to refer to for a while from David Teller about adding MLS (multi-level security) to Thunderbird.
• Only linguistically related work from Mark Banner on adding metrics to detect memory leaks in the Mail/News code that Thunderbird relies on.