You are of course right that we currently lack a solution for that.

I was thinking about using QtKeychain for this since we need a cross-platform solution.

See also T1678

KWallet needs its own password, and always prompts for it on first use, right? That's a hassle, so I think of it as being for high-security passwords (when logging in to a web site you already know you're going to have to type something). Whereas with most mail programs, it's enough to log in to one's desktop, to read mail.

The INI file could have the password if it were cryptographically hashed somehow so that a stranger who does not know the user's login password (or some other key that can be safely retained) couldn't decrypt it. But I'm not a security expert - just brainstorming.

Yes, a keyring always needs to be unlocked, you can AFAIK set an empty password though so it unlocks automatically (at the cost of security of course).
If we encrypted the password then we would need yet another password and effectively just implement yet another keyring, which wouldn't really help.
Therefore we should rather just use existing keyrings, making those userfriendly is another topic.