What security considerations should we ponder around URL rewriting issue?