Forgive my newb question as I am new to web development and am working on a prototype/proof-of-concept that will, hopefully, eventually get turned over to experienced web devs.

My situation is this:
I have a command line python script that I wrote that interfaces with an XML API provided by Adobe for one of their web applications - Adobe Connect (it's a virtual meeting service similar to WebEx, GotoMeeting, etc.).

I have a hosted version of Adobe Connect. The API in to it is via query string calls. In the API documentation they have many examples, including one for logging in a user from another program.

So in my python script I have the user enter their credentials, and then, following the API example from Adobe, I construct the proper XML API call, including the user's credentials (ID, PW) and then make the url/query string call. An example of this complete URL looks like this:

Code:
https://example.com/api/xml?action=login&login=joy@acme.com 
    &password=happy&account-id=295153&session=Sbreezzd2dfr2ua5gscogv
Here is a link to the Adobe Connect XML API documentation where the above example is discussed:
Code:
http://help.adobe.com/en_US/connect/9.0/webservices/WS5b3ccc516d4fbf351e63e3d11a171ddf77-7ff5_SP1.html
My question is simply this:
Passing user credentials via a URL seems very insecure to me and a bad idea. Right now, my code is simply a CLI script, but eventually once I have a handle on the Adobe Connect XML API, I want to re-create everything in a simple web app, where users can login to my app and transparently it logs them into the Adobe Connect app.

Am I correct in thinking that passing credentials via the query string is a bad idea? It is passed via https (vs http) - but I'm still not sure.