What considerations should privacy-minded people take into account to make this decision?

For context, I’m using FairEmail because K-9 doesn’t seem to be able to move to a desired folder multiple emails at a time. K-9 doesn’t use OAuth, so I don’t have a choice to make there.

However, FairEmail does use OAuth. And, when reading about OAuth, it apparently is safer than the alternative. This alternative is either using the main account (with no 2FA) or using an app-specific password (with 2FA activated).

Hearing this, it would be a no-brainer for me to choose the OAuth, but the issue is that Google only lets you do OAuth if the app is downloaded from the Google Play Store and if the account is set up as a phone-wide account. Ouch.

And yet I wonder if the security of OAuth is so much greater that I should forget about the alternative.

  • Ephera
    42 years ago

    For context, I’m using FairEmail because K-9 doesn’t seem to be able to move to a desired folder multiple emails at a time.

    This only doesn’t work while you’re in the “Unified Inbox”-view. You could be selecting mails from different accounts, so it can’t really just move mails in bulk. I guess, it could handle that more gracefully, but that’s the reason why they haven’t implemented it in that view.


    And, I’m not informed enough about OAuth to have a true opinion, but this feels like the old “X is safer, if you don’t consider $BIGCORP an attack vector”.

    And yeah, I’m always cautious with that, since a lot of these opinions come from the US, which doesn’t have privacy standards to begin with, and will only really have its own intelligence agencies (NSA, CIA, FBI) ruffle through its data, and of course because many US-Americans are a bit too supportive of their regional monopolists.

  • @pinknoise@lemmy.ml
    3
    2 years ago

    Obvious things first: afaik mostly google and microsoft hosted mailservers have oauth for imap, for privacy-minded people both should be a no-go. Also if you use the same phone as a second factor, 2FA is only of very limited use.

    when reading about OAuth, it apparently is safer than the alternative

    Assuming you use an encrypted connection (use a dedicated TLS-only port, not STARTTLS!) to your mailserver, there is no practical difference between the “traditional” user:password-type authentication mechanisms, so you won’t really need to assess those separately. OAuth may be conceptually safer if you use 2FA, but it adds a lot of complexity, expanding the attack surface, so it’s kind of a trade-off.
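To make the two choices in this thread concrete, here is an added example (not code from the thread or from FairEmail) of what an IMAP client does for each: it opens the connection on the dedicated TLS port 993 with certificate verification (no STARTTLS upgrade), then authenticates either with an OAuth2 bearer token via the SASL XOAUTH2 mechanism that Google and Microsoft use, or with a traditional user:password login as used with an app-specific password. The host name and credentials are placeholders.

```python
# Added example, not from the original thread. Host, user, token and
# password values are placeholders you would replace with your own.
import imaplib
import ssl
from typing import Optional

IMAPS_PORT = 993  # implicit TLS: no plaintext phase, unlike STARTTLS on 143


def strict_tls_context() -> ssl.SSLContext:
    """Client context that requires a verified certificate and TLS >= 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def xoauth2_sasl(user: str, access_token: str) -> bytes:
    """Build the XOAUTH2 initial client response (imaplib base64-encodes it)."""
    return f"user={user}\x01auth=Bearer {access_token}\x01\x01".encode()


def connect(host: str, user: str, *, token: Optional[str] = None,
            app_password: Optional[str] = None) -> imaplib.IMAP4_SSL:
    """Open a verified IMAPS session and authenticate with OAuth2 or a password."""
    imap = imaplib.IMAP4_SSL(host, IMAPS_PORT, ssl_context=strict_tls_context())
    if token is not None:
        # OAuth2 path: the token is scoped and revocable, but obtaining it
        # pulls in the whole authorization-code flow and its dependencies.
        imap.authenticate("XOAUTH2", lambda _challenge: xoauth2_sasl(user, token))
    elif app_password is not None:
        # App-password path: on the wire this is the same LOGIN command a
        # real password would use; the TLS session is what protects it.
        imap.login(user, app_password)
    else:
        raise ValueError("need either an OAuth2 token or an app password")
    return imap


if __name__ == "__main__":
    # Example call (placeholder values); requires network access.
    session = connect("imap.example.com", "alice@example.com",
                      app_password="APP-PASSWORD-PLACEHOLDER")
    print(session.list())
```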