1) No it is not normal. They may be missing the page access code that should be preventint that.
2) You should store the information in a session... there is no need to add it to the URL, since it could be editied from there it isn't a safe way.
Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.
These out-of-the-box solutions provide you proven, tested applications that can be up and running now. Build a store, a gallery, or a web-based email solution.