Thunderbird and Outlook are essentially the same thing.
From what I'm seeing, about the only way to do this is via the email client - export out of the old OST/PST into the IMAP folders.
As for security: what is the difference between hosting emails on an IMAP server or an Exchange server... why is keeping your email on an IMAP server insecure? The whole point of IMAP is accessability. (I don't want to run the route of installing Thunderbird onto a portable USB stick and keeping everything on there via POP3 to access it.) I want to be able to goto any box anywhere and access my complete email... isn't this the POINT of IMAP??? This is the first I've ever heard of it being 'unsecure'