[michiel3]

This technique is widely abused by phishers. Most browsers detect such phishing attacks and warn the user for it (see example in Safari 5).

Firefox might do a better job on this subject: it performs a HEAD request first, to see if the website actually requires authentication. If not, the user receives a warning to make the user aware of a potential phishing attack they might have been trapped into.

[Nitramp]

That could be easily spoofed by requiring just some username on the server side, assuming you set up your web presence such that these links always include some username. The HEAD request won't help you there.

[michiel3]

This won't help that much, because this means you can only visit the website with some authentication string, otherwise the browser will prompt for your credentials.