The Auth API endpoint requires the sensitive info such as username and password, session id, and cookie to be passed as query parameters.
Request URLs get logged in server access logs, which record these credentials plain text into logs that may not even be in the hands of the forum owner...