IE and authentication info in URLs
As Rob Zelt pointed out, the HTTP form of URLs was never actually allowed to have the username and password as part of the URL. So Microsoft isn't breaking IE, they're making it more standards compliant. Strange, huh?