Possible Duplicate:
Can PHP read the hash portion of the URL?
The (famous?) web site mega.co.nz uses a hash mark in URLs to link to encrypted files; the portion of the URL after the hash mark contains a password, and encryption is claimed to happen on the client side. It is certainly feasible to use javascript for client-side encryption but … isn't the URL sent to the server, thus revealing the password to the server itself?
The URL looks like
https://example.com/#!encryptedfilename_password