Registered URIs can be extremely dangerous... browsers must take
special care in filtering which characters are passed to registered
URIs. Developers must take special care when registering a URI.
We've discovered MANY MANY issues with registered URIs over the last
year. Registered URIs can be remotely exploited, many times resulting
in full system compromise. You can find a sample of how dangerous
registered URIs can be here:
