Give me a few reasons why NOT to include email addresses in plain text form in the unsubscribe link that gets sent out in our newsletters.
Right now it's:
xyz.net/unsubscrible?uid=123&email=user@domamin.com
I am pushing for:
xyz.net/unsubscrible?uid=123&key=(encrypted_email_md5hash).
I don't really like the idea of throwing email addresses around in plain text, but I need to convince my manager of the possible threats.
Update: While all the answers were suggesting how I should secure it and NOT the reasons why I should secure it, I find do-ob's answer most appropriate.
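
The uid-plus-key link proposed in the question, as an added example that is not part of the original post. It swaps the bare MD5 of the email for an HMAC-SHA256 keyed with a server-side secret, because an unkeyed hash can be recomputed by anyone who knows or guesses the address; `SECRET`, `SUBSCRIBERS` and the function names are hypothetical, the `https://` scheme is assumed, and the host and path are copied from the question.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlparse

# Assumption: a server-side secret, loaded from configuration in practice.
SECRET = b"constructed-demo-secret"
# Constructed subscriber table (uid -> email); the address stays on the server.
SUBSCRIBERS = {123: "user@example.com"}
BASE = "https://xyz.net/unsubscrible?"  # path spelled as in the question


def token_for(uid: int) -> str:
    """HMAC-SHA256 over the uid and the email on record, keyed with SECRET."""
    msg = f"{uid}:{SUBSCRIBERS[uid].lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_link(uid: int) -> str:
    """Build the unsubscribe URL: it carries uid and key, never the address."""
    return BASE + urlencode({"uid": uid, "key": token_for(uid)})


def verify(url: str) -> bool:
    """True only if key is the token for uid; malformed input is rejected."""
    query = parse_qs(urlparse(url).query)
    try:
        uid = int(query["uid"][0])
        key = query["key"][0]
    except (KeyError, ValueError):
        return False
    if uid not in SUBSCRIBERS:
        return False
    # Compare as bytes in constant time; bytes also tolerate non-ASCII input.
    return hmac.compare_digest(token_for(uid).encode(), key.encode())


def unkeyed_md5(email: str) -> str:
    """The bare-MD5 variant for comparison: computable without any secret."""
    return hashlib.md5(email.lower().encode()).hexdigest()


if __name__ == "__main__":
    link = make_link(123)
    print(link)
    print("valid link accepted:", verify(link))
    forged = BASE + urlencode({"uid": 123, "key": unkeyed_md5("user@example.com")})
    print("bare-MD5 key accepted:", verify(forged))
```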