$ curl -vv 'http://username:password@example.com/'
> GET / HTTP/1.1
> Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
dXNlcm5hbWU6cGFzc3dvcmQ= is the base64 encoding of 'username:password'.
The Authorization header is the same one that will be used if your browser prompts you for a username/password.
Also, the Authorization header is plain text. Whether you pass credentials in the URL or in the Authorization header, it makes little difference in terms of interceptability. They're just different lines in the HTTP request. You need SSL to secure either.
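The round trip described above, as an added example that is not part of the original answer: it builds the Authorization value from URL userinfo and then recovers the credentials from it with nothing but a base64 decode. The function names basic_header_from_url and decode_basic_header are hypothetical, and the URLs are the constructed example.com ones.

```python
import base64
import binascii
from urllib.parse import urlsplit, unquote


def basic_header_from_url(url):
    """Build the Authorization value a client derives from URL userinfo.

    Returns None when the URL carries no credentials.
    """
    parts = urlsplit(url)
    if parts.username is None:
        return None
    # urlsplit leaves userinfo percent-encoded, so decode it first.
    user = unquote(parts.username)
    password = unquote(parts.password or "")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_header(value):
    """Recover (username, password) from an Authorization header value.

    Returns None when the value is not a well-formed Basic credential.
    """
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first colon separates the fields; a password may contain colons.
    user, sep, password = text.partition(":")
    if not sep:
        return None
    return user, password


if __name__ == "__main__":
    # Constructed input: the same URL used in the curl command above.
    header = basic_header_from_url("http://username:password@example.com/")
    print(header)
    print(decode_basic_header(header))
```

No key or secret is involved in either direction, which is why only transport encryption protects the credentials.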