Today when downloading a PDF document from the website of a major European transportation company, I found this, well tempting URL: (a bit anonymized)
http://www.aaaaa.aa/aa/BlobServer?blobtable=Download&blobcol=urldownload&blobheader=application/pdf&blobkey=id&blobwhere=1148305352829&ssbinary=true&filename=file.pdf
Does that URL scream "try to change me!" or not?
Possibly, it's secured by some sort of whitelist but I doubt it :) I probably should inform them about it, but there have been more than one case here of people having their computers confiscated, by the police, for "hacking" when informing companies about possible security problems :(