Not much. If you're not using app passwords and your client wants to authenticate using Google auth (e.g. Thunderbird), it has to open the user's browser and setup the oauth flows instead of embedding the browser directly in the app.
It was recently (Oct 8) announced that that Google would provide a 12-month heads-up for stopping less secure app access, so it's my understanding that IMAP is not affected at this point.