Depends on which traits one thinks are desirable. In general, I would say that CRAM-MD5 offers slightly better security than PLAIN, while PLAIN offers better ability to support external/legacy password stores, proxy-authz, etc.
Where is the peer reviewed analysis of CRAM-MD5 vs. PLAIN that everyone alludes to? A simple reference to it in son-of-2195 would solve this argument.
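The trade-off discussed in this thread, as an added example that is not part of the original messages: a CRAM-MD5 (RFC 2195) server has to hold the shared secret itself to recompute the HMAC, while a PLAIN (RFC 4616) server receives the password and can check it against any one-way store and carry an authorization identity. The account names, password, salt, challenge string and PBKDF2 parameters are constructed for illustration.

```python
import base64, hashlib, hmac

def cram_md5_response(user, password, challenge_b64):
    """Client, RFC 2195: base64(user SP hex(HMAC-MD5(key=password, msg=challenge)))."""
    mac = hmac.new(password.encode(), base64.b64decode(challenge_b64), hashlib.md5)
    return base64.b64encode(f"{user} {mac.hexdigest()}".encode()).decode()

def cram_md5_verify(secret_store, challenge_b64, response_b64):
    """Server: recomputing the HMAC requires the password (or an equivalent secret)."""
    user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    secret = secret_store.get(user)
    if secret is None:
        return False
    mac = hmac.new(secret.encode(), base64.b64decode(challenge_b64), hashlib.md5)
    return hmac.compare_digest(mac.hexdigest(), digest)

def plain_message(authzid, authcid, password):
    """Client, RFC 4616: authzid NUL authcid NUL passwd (base64 for the wire)."""
    return base64.b64encode(f"{authzid}\0{authcid}\0{password}".encode()).decode()

def hash_password(password, salt):
    # Stand-in for a legacy/external one-way store (assumption: PBKDF2-SHA256).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def plain_verify(hash_store, message_b64):
    """Server: the password arrives in the clear, so a one-way hash store suffices.
    Returns (authcid, requested authzid) or None. Whether authcid may act as
    authzid is a separate authorization decision not modelled here."""
    parts = base64.b64decode(message_b64).decode().split("\0")
    if len(parts) != 3:
        return None
    authzid, authcid, password = parts
    entry = hash_store.get(authcid)
    if entry is None:
        return None
    salt, expected = entry
    if not hmac.compare_digest(hash_password(password, salt), expected):
        return None
    return authcid, (authzid or authcid)

# Constructed sample data.
CHALLENGE = base64.b64encode(b"<1234.5678@mail.example>").decode()
SECRET_STORE = {"alice": "correct horse"}            # CRAM-MD5 needs this form
SALT = b"constructed-salt"
HASH_STORE = {"alice": (SALT, hash_password("correct horse", SALT))}

if __name__ == "__main__":
    r = cram_md5_response("alice", "correct horse", CHALLENGE)
    print("CRAM-MD5 ok:", cram_md5_verify(SECRET_STORE, CHALLENGE, r))
    print("PLAIN ok:", plain_verify(HASH_STORE, plain_message("shared", "alice", "correct horse")))
```

The CRAM-MD5 response never contains the password and is bound to one challenge, but the server-side store must be plaintext-equivalent; PLAIN puts the password on the wire, so it depends on the transport (for example TLS) for confidentiality.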