When using https the browser and the server first establishes an encryption method to use through a couple of steps and then communicate everything accross the line using that encryption method. What this means is that between your browser and the web server everything is encrypted. However, would still be a blunder to just throw someone's credit card number in the url to pass. It raises several security issuses. Firstly, the person will now have a big string saying "here's my credit card number!" saved in their browser cache, and in their location cache. Secondly someone could easily setup a filter between the web server and the CGI processor (Perl, C, etc).
This is why you don't see any respectable site setting up your account with:
www/submit.cgi?user=Bob&password=fido
You should probably figure out a way to encode the data being passed. Do some research on e-commerce sites and see what the best are using.
Don't make it easy for the people out there that want to take what you got
-- Gordon --
------------------
$blah='82:84:70:77';
print chr($_) foreach (split/:/,$blah);