Isn't LDAP a bit of a security hassle? I would think it is pretty common to have Mailman running on a machine along side MySQL, Apache and and MTA of some sort but wouldn't throwing in LDAP be more like requiring people install a CVS daemon to use Mailman? I'm no LDAP guru but from what I have looked at previously it certainly seemed that way.
it's secure enough that most major IS/IT organizations seem to be standardizing it for distributing information like this. We now have, in fact, an internal list server that does exactly this now, but I wasn't directly involved in that project (it was a rewrite of a system I wrote years ago by someone else). And in MacOS X 10.3, Apple started moving it's stuff from NetInfo to OpenLDAP.
I think if it's secure enough for companies to implement, we don't have many worries if we take care to use it properly.