Can a username and password be sent safely over HTTPS via URL parameters?

Question

A colleague and I had a heated debate yesterday whether it is safe to send login credentials via URL parameters as a means of authentication. He correctly pointed out that

Answer 1

Safely is a big word. SSH will keep other users from retrieving it, but do you really want to show someone's password on the querystring. What about the dude standing over the users shoulder? What about SQL injection? Really bad idea, at least tuck it in a form post.