On Thu, Feb 01, 2007 at 01:19:34AM +0900, Yukihiro Matsumoto wrote:
> In message "Re: [ ruby-Patches-8309 ] add usage of uri.userinfo to open-uri.rb"
>     on Wed, 31 Jan 2007 22:34:47 +0900, Paulo K?ch <paulo.koch / gmail.com> writes:
> 
> |> According to RFC3986, supporting userinfo in URI is dangerous, so that
> |> open-uri will not support it.

The comments in the RFC refer fairly specifically to the dangers of
using URIs with userinfo for links on the web.

Perhaps open-uri can focus on providing useful mechanism, not policy.
Having a config file:

  user some_guy
  password some_passwd
  mailbox imap://imap.example.com

is not more safe than

  mailbox imap://some_guy:some_passwd / imap.example.com

is it?

Sam