[paulgb]

I disagree. There’s a reason why security by obscurity gets a bad rap. Browsers generally treat passwords as sacred — not saving or logging them unless the user explicitly asks. On the other hand, the URL bar gets saved to history, sent as a referrer when links are clicked (in some browsers), might be sent to an external server by the browser or extensions, etc.

[emsy]

I agree with the part about an URL being less secured than a password. However, it's not security by obscurity. It's just less secure and more convenient. But the URL scheme merely grants you access to a ticket, not the whole account, so the potential damage is negligible.