Most email clients (Microsoft Outlook, Gmail, etc.) use IMAP or POP3 protocols in order to connect to the campus Exchange servers from an outside machine. These protocols by default transmit credential information (username and password) in plain text form. This is inherently insecure as a hostile user that has placed a "sniffer" program on your machine can steal the credential information and use it for malicious purposes.
In order to protect your credential information when using an email client from off campus, Secure Socket Layer encryption in your client is required.