Well, with the rss/atom feed you have the chance for a security issue cropping up. How can you validate across an RSS/Atom feed? How do we know that your info is secure? If we give you a 32-character private key, how safe is it? Do we then need to use SSL (which not everyone has) to communicate?
As for a pop-up, that would be a plugin for the browser; however, you'd still need the credentials which brings us back to the security issue
Maybe, just mabye one day there will be something, but currently there isn't. I could see an Adobe Air plugin being created as part of the RC distro that will update as long as there is a valid session in a browser. So you'd have to keep your webmail up in a browser somewhere (like a tab) and just ignore it until you see that pop-up.
That's the only way I can see it happening it is to have an Adobe Air plugin. Sounds like a fun mini-project for someone