It's not really a huge problem forwarding username/password in url, but in theory it would be easier for some hacker-human to get access, for example if he can view the browser history of the device.
FGUD Ok, is a token authentification easier ?
It probably wouldn't be "easier" and token auth might require database. May I ask why you need login directly in url? Just for simplicity for the user? The most secure option is to send username/password separately (by email) and require the user to login.