Okay. And the answer is: Whatever I typed in the box will appear in the URL. There’s a small chance that the value of the “q” parameter could have been “hunter 2”– if that’s what I typed in the box, but it’s not what I typed in the box. Let’s go ahead and see this happen, for real, in the browser. Here we are; I click Submit, and you can see that “q” equals what I typed in the box. In this case, it was the text, “some dots”. So this is important to know: you should use the password form element or the password input type when you’re collecting passwords on your site, but you should know that that password is not sent securely to your Server. It’s sent either in the URL or in a POST parameter, just like any other parameter–so it’s really only to prevent somebody from looking over your shoulder.