I've set up an IBM Traveler server to allow certain users access to their mail from their mobile devices, using IBM's mobile app (IBM Verse).
The "Allow only approved applications and built in secure viewers to access attachments" setting seems to be missing from the web configuration page (LotusTraveler.nsf) despite being mentioned in online documentation.
The setting is on the page when you load it without JavaScript enabled, and enabling the setting in the postdata array doesn't result in an error, but also doesn't enable the setting.