For instance suppose somebody logged into Moodle in a public computer lab clicks on such a link. Subsequent users of that computer could easily find the md5 hash of the previous user's Moodle password in the browser history cache. This would enable those users to gain unauthorized access to the target web site of the link. It would also enable those users to mount a dictionary attack on the md5 hashed Moodle password with a fair chance of success. If they succeed, they can log into the Moodle site.
A much better way of authenticating would be to concatenate the user password md5 hash with the other parameters and then take the md5 hash of this concatenated string. Alternatively the data could be hashed with a teacher supplied pass phrase or an administrator supplied pass phrase. The administrator supllied pass phrases should be stored in some separate configuration file, say accessCodes.php having the following structure:
$accesscode['http://www.example.com/blah/blah'] = "Pass phrase 1";
$accesscode['http://www.topsecret.org/blech/blech'] = "Pass phrase 2";
I attach below a picture of the setup for such authentication.
Also Moodle should have the ability to be the target of such web links from other Moodle sites.