Anchors, embedded images, and all other elements which contain URIs as parameters may cause the URI to be dereferenced in response to user input. In this case, the security considerations of [RFC1738] apply.
The widely deployed methods for submitting form requests — HTTP and SMTP — provide little assurance of confidentiality. Information providers who request sensitive information via forms — especially by way of the 'PASSWORD' type input field (see section 8.1.2 in [RFC1866]) — should be aware and make their users aware of the lack of confidentiality.