I haven't checked in some time, but they used to embed the complete continuation (if you don't know what's a continuation, you can just consider it's the stack) in the URL. It's a very nice and very natural mechanism, which gives them lots of flexibility in terms of semantics and garbage-collection, although I suspect it's very bad in terms of both performance and security.
So basically it's some kind of entry point with arguments? Wouldn't that be a huge security hole? I mean it's just buffer overflow, without even a need to overflow, in plain sight...
I'm not exactly sure how they do it in Links these days. If they still take the naive approach to continuations, yes, that's a huge security hole. However, there are moderately simple ways to make this security hole magically disappear. You keep most of the agility and none of this vulnerability.