Scary. How much access do you have to monitoring the network traffic of where the server sits (that subnet)? Your laptops can be "here at the office" and your webserver in my basement. If my basement has a host of issues with packets being sniffed, there is little you can do (without HTTPS, etc) to keep those URLs from being seen by unwanted parties. It IS your fault... (blaming the victim). For anything like this you need to authenticate. There is this snippet of an interview or mock interview of an intern that goes in a webservices place. The discussion post interview among the interviewees goes like this: - "He flanked because blah..." - "No. He flanked earlier when he did not authenticate in blah..." If _your_ computer is to do anything that _only_it_ is supposed to do, it needs to authenticate. Take this with a grain of salt, for I am not an expert. Let us know what you find.