Hi.
Do not send a username password combination but a username hash(username:password) combination, also work with hashvalues in your backend not with passwords saved anywhere.
Passwords should never be send over the network and should neither be stored.
The http get parameters are also secured via https, so as long as your ssl connection is not compromised it is no problem to transfer them in a "fat url".
Best regards
Roland