From my experience definitively GWIA.
IMAP is/can be a very aggressive protocol. So if IMAP kills your service than maybe your GWIA dies. But if your POA dies, then all your users will suffer this problem; not only IMAP users.
However there can be a reason to open IMAP at POA, if another service needs access to perform tasks. I.e your Secure Message Gateways scans all mailboxes to search for viruses or phishing mails.
This community is more powerful if you use Likes and Solutions