Can email interfere with HTTP headers though? There's no \r\n, ";" or "=" in valid email.
Anyway, I have seen sites where it was used as a security measure. Or so the authors thought I guess. Storing login password in url parameter? Seems safe if it is encoded.. But it was years ago.
It sounds like you confused encoded with encrypted, encoded is no different than plain-text. The encoding is just to get a valid string for the URI (so a password can contain special URI characters) and is instantly reversible.
Did not know that, thanks for pointing that out. In that case the encoding is necessary. On top of that I just found out that even Unicode characters are permitted (RFC 6531).
Anyway, I have seen sites where it was used as a security measure. Or so the authors thought I guess. Storing login password in url parameter? Seems safe if it is encoded.. But it was years ago.