It seems that Apple finally released a patch for the iPhone about the security issue I wrote about back on May 1st (More Security Stuff)
From Apple’s Web Site:
WebKit
CVE-ID: CVE-2009-2797
Available for: iPhone OS 1.0 through 3.0.1, iPhone OS for iPod touch 1.1 through 3.0
Impact: User names and passwords in URLs may be disclosed to linked sites
Description: Safari includes the user name and password from the original URL in the referer header. This may lead to the disclosure of sensitive information. This update addresses the issue by not including user names and passwords in referer headers. Credit to James A. T. Rice of Jump Networks Ltd for reporting this issue.
Not sure when James reported it though. So I don’t know if I found it before him or not. Anyways, here is my suggestion, if you use an iPhone and have EVER logged in to a web site with a username and password, you need to change that password immediately and then apply the patch from Apple to your iPhone. I know there are some people who view my site that use an iPhone and are clicking on links from other websites, therefore sending your username and password to me as well.