"So, it would be acceptable to you if Google put your Google Account login and password in URI-encoded plain text in the URL of your search results? Why or why not?"
This is actually a pretty important question.
> Looking at my history 50-60% of the URL's in it aren't humanly readable and are 10 miles long...
It doesn't matter how long the URL is. It doesn't matter if you can easily read it. The Web works through URLs. URLs (and URIs) are how you access resources.
* Data in the href attribute of the a tag? A URI.
* Data in the src attribute of the img tag? A URI.
* Data in the src attribute of the script tag? A URI.
* Data in the 200 response to an HTTP GET request? A URI.
* Data in the 30[1|2] HTTP response? A URI.
* Data in the address bar of your User Agent? A URI.
> [T]he history API... has been deprecated and turned into the App Activities API...
No. It has not.
> ...my back button works just fine and there isn't a single request made when i click it...
Right. That's what the History API does. It's a strictly client-side thing. I guess you're dreadfully confused. Here's [0] the first result for "History API". It also happens to describe exactly what I'm talking about.
> this isn't even an info leak if you start a completely new query it resets the original query variable ... you'll get ?q set to query and ?oq set to query ...
> you search for query history it will set ?q to query history and keep ?oq set to query
Cannot repro. Here's what I see:
* Use omnibox to search for "thing": o=thing&oq=thing
* Use google search page that loads with results for "thing" to search for "things": o=thing&oq=thing#q=things
* Use that same page to search for "dingus dongus": o=thing&oq=thing#q=dingus+dongus
"So, it would be acceptable to you if Google put your Google Account login and password in URI-encoded plain text in the URL of your search results? Why or why not?"
This is actually a pretty important question.
> Looking at my history 50-60% of the URL's in it aren't humanly readable and are 10 miles long...
It doesn't matter how long the URL is. It doesn't matter if you can easily read it. The Web works through URLs. URLs (and URIs) are how you access resources.
* Data in the href attribute of the a tag? A URI.
* Data in the src attribute of the img tag? A URI.
* Data in the src attribute of the script tag? A URI.
* Data in the 200 response to an HTTP GET request? A URI.
* Data in the 30[1|2] HTTP response? A URI.
* Data in the address bar of your User Agent? A URI.
> [T]he history API... has been deprecated and turned into the App Activities API...
No. It has not.
> ...my back button works just fine and there isn't a single request made when i click it...
Right. That's what the History API does. It's a strictly client-side thing. I guess you're dreadfully confused. Here's [0] the first result for "History API". It also happens to describe exactly what I'm talking about.
> this isn't even an info leak if you start a completely new query it resets the original query variable ... you'll get ?q set to query and ?oq set to query ...
> you search for query history it will set ?q to query history and keep ?oq set to query
Cannot repro. Here's what I see:
* Use omnibox to search for "thing": o=thing&oq=thing
* Use google search page that loads with results for "thing" to search for "things": o=thing&oq=thing#q=things
* Use that same page to search for "dingus dongus": o=thing&oq=thing#q=dingus+dongus
Chrome 46, using the default Omnibox settings.
[0] https://developer.mozilla.org/en-US/docs/Web/API/History_API