Passwords are different from URLs because URLs are basically public, whereas passwords aren't supposed to be. Furthermore, this is not 1995. Everyone who is in the industry providing IT services is supposed to know that basic security measures are necessary. The physical analogy would be, walking through an unlocked and unmarked door that faces the street in a busy city, versus picking a lock on that door and then walking through it.

How do I know which URLs of a website are legal to visit and which are illegal?