Guys, I need to open a web based application from Salesforce. I wanted the application to call back to SFDC to get some data. So I was thinking of passing SFDC session ID and server URL as query string parameters to the destination page. Is it safe to expose the Session ID in URL query string parameters? I am curious on whether the query string parameters in the URL be visible over the network even though the end point is an  "https" URL..? Strangely when you right click a code in Eclipse-Force.com-IDE and select "Force.com>>Show in Salesforce web" it automatically opens up SFDC page by passing the session ID in the URL.However I am curious about how secure sending session ID through URL.? Please let me know your thoughts on it.

Thanks,

Krishna