Comment 30 for bug 861854

More than happy to hear your suggestions, but the fundamental issue here is that the token is the URL, and its that passing through proxies, etc. that represents the disclosure of a potential security issue.