That’s really stupid if I can give an opinion. There’s nothing secure about this except maybe perhaps the part where email addresses are entered.
In my theme/layout/customer.xml I have this:
<action method="addLink" translate="label" module="wishlist" ifconfig="wishlist/general/active">
I’ved trued using <url helper="customer/getWishlistUrl" /> but that turned up to not work. I checked the app/code/core/Mage/Customer/Block/Account/Dashboard.php and the function getWishlistUrl() has array(’_secure’ => true). If I want to change this is, do I need to create a local folder copy with that array value to false?