The remote host has an application installed that is prone to a man-in-the-middle attack.
The remote Mac OS X host has Apple Xcode prior to 5.0 installed. It, therefore, includes a version of git in which the imap-send command reportedly does not verify that a server hostname matches the domain name in its X.509 certificate. A man-in-the-middle attacker could leverage this vulnerability to spoof SSL servers via an arbitrary valid certificate.
Upgrade to Apple Xcode version 5.0 or later, available for OS X Mountain Lion 10.8.4 or later.