How secure is it to pass in to a Stripe website (external, not our own site) some data to prefill a form through the query string? It's an external site so we can't just pass it in encrypted like we would with our own sites data.
I would assume it wouldn't be too bad considering its only usage is to prefill the form and the only way other people can get said data is to log in to a certain company which we have security for anyway. (permissions)
Example data(with the URL used): https://connect.stripe.com/oauth/authorize?response_type=code&client_id=blahblahblahxxxxxxx&stripe_user[email]=my.email@yahoo.com&stripe_user[first_name]="billy"
I'll add more info if needed...
[edit] The data is not restricted to just the ones i provided they just seemed fitting at the time. We got these options for the business:
[email] [url] [country] [phone_number] [business_name] [business_type] [first_name] [last_name] [dob_day] [dob_month] [dob_year] [street_address] [city] [state] [zip] [physical_product] [shipping_days] [product_category] [product_description] [average_payment] [past_year_volume] [currency]
The information I've already got from you guys is pretty clear by itself though. The things I see as sensitive on this are the addresses (city, state, ZIP etc) but that's all...