If the data is Url Encoded, is it secure enough to send login credentials over HTTP GET?
Not at all. URL encoded is easily reversible. You should encrypt the transport layer (i.e. use HTTPS)