Hi.

Yukihiro Matsumoto wrote:
> |I'll also against userinfo being usable in the open-uri.
>
> Because?  FYI, I have no specific opinion for or against userinfo.
>   

Because it's marked "deprecated" in RFC3986.  No use of this field
should be recommended any longer.  That RFC says:

> A password appearing within the userinfo component is deprecated and
> should be considered an error (or simply ignored) except in those rare
> cases where the 'password' parameter is intended to be public.

Isn't this enough to say no?