To be technically correct, Post does not hide the information in the URL, it sends the form information in the HTTP headers apart from the URL.

It is still possible to intercept those headers and grab the username and password, so use of session variables and cookies adds a level of security, and SSL is better.

Just don't want anyone to get confused about the differences between GET and POST. Cheers!