How is it more secure if by excluding pop.gmail.com you are excluding incoming (POP) gmail email from being scanned (forgetting IMAP, by the way)? You’re not fixing a problem here, you are avoiding it, and in the process you’re giving a false feeling of security.