Forget everything I say below. I’m an idiot. Read the comments to see why.
As I mentioned in an earlier post IE is having some very serious problems with URIs that contains user names and passwords. Support for user name and passwords is a required part of the URI specification. Now, instead of fixing the real bug Microsoft is planning to break their support for the URI standard.
This is the second time in a short time Microsoft chooses to break IE instead of fixing it in a satisfactory way. (Last time they broke window.moveTo because they didn’t manage to fix a drag and drop bug/exploit.) Would it not be better to hide the user name and password section in the status bar and address bar? Hiding it in the status bar is trivial and does not have any undesired side effects. Hiding it in the address bar might have some negative side effects. For example if I type
http://erik:firstname.lastname@example.org/ and since I misspelled the password I will not be able to log in. Now it would show
http://www.domain.com and I would not know that I misstyped the password.