Except, Philip, if the decryption requires the user to enter a password, then even WITH the decryption code staring you in the face it can be a huge project for somebody to "break" the encryption. Certainly not impossible, but it would take even a hacker with powerful tools minutes to hours to do so. And some of the better encryption algorithms that I was shown (forcefully...<grin/>) would possibly take days to crack. All you can do is guess at passwords, shove them into the decrypter, and see if you can find a pattern in what emerges so that you can make a better guess at the next try. If the output is, itself, not plain text, then even looking at what emerges doesn't help a lot.
I could write a pretty simple encrypter that I would bet would take you hours, at best, to crack.
NOW...Is it "safe"? Of course not! Is it safe enough for practical purposes? Yes.
But, then, so is your idea of simply using a weird URL safe enough for practical purposes. I really like that idea. It's enough to keep out nosy people, even if it won't keep out the determined hacker who will try millions (or more) of combinations. I absolutely agree with you that it's a simple and effective way.
An optimist sees the glass as half full.
A pessimist sees the glass as half empty.
A realist drinks it no matter how much there is.