Scary.

How much access do you have to monitoring the network traffic of where the
server sits (that subnet)? Your laptops can be "here at the office" and your
webserver in my basement. If my basement has a host of issues with packets
being sniffed, there is little you can do (without HTTPS, etc) to keep those
URLs from being seen by unwanted parties.

It IS your fault... (blaming the victim). For anything like this you need to
authenticate. There is this snippet of an interview or mock interview of an
intern that goes in a webservices place. The discussion post interview among
the interviewees goes like this:
- "He flanked because blah..."
- "No. He flanked earlier when he did not authenticate in blah..."
If _your_ computer is to do anything that _only_it_ is supposed to do, it needs
to authenticate. Take this with a grain of salt, for I am not an expert.

Let us know what you find.