Why not use email address in unsubscribe link

Give me few reasons why NOT to include email addresses in plain text form for unsubscribe link that gets sent out in our newsletters.

Right now it's:

xyz.net/unsubscrible?uid=123&[email protected]

I am pushing for:

xyz.net/unsubscrible?uid=123&key=(encrpted_email_md5hash).

I don't really like the idea of throwing email addresses in plain text, but need to convince my manager for possible threats.

Update: While all the answers were suggesting how I should secure it and NOT reason why I should secure it, I find do-ob's answer most appropriate.

Solution

For the same reason that banks don't have links like

bank.com/applycredit?ssn=123456789&name=john+smith&dob=19500101&married=true&address=...

it can easily be intercepted and interpreted.

How to grant save dashboard permission in OpenSearch Dashboards
Which procedure is more secure for encryption using Password and Seed
Storing API keys & secrets on servers
How can I tell password managers what pattern to use?
Mac OS X: Application with NX flag, Stack Cookies and ASLR enabled?
Where to save a JWT in a browser-based application and how to use it
Does my code prevent directory traversal?
How to securely store access token and secret in Android?
What's the difference between retrieving WindowsPrincipal from WindowsIdentity and Thread.CurrentPrincipal?
Can't find class org.bouncycastle.cms.CMSSignedData
Safety of leaking memory
Security Warning when running scripts - Unblock-File not unblocking file
Why do people put code like "throw 1; <dont be evil>" and "for(;;);" in front of json responses?
Secure method to download files in Ruby
Amazon Web Services : Setting S3 policy to allow putObject and getObject but deny listBucket
Escaping strings for use in XML
Limiting the scopes of an OAuth 2.0 flow
Protecting against MitM (https) seeing password with encryption using included pub. key in iOS/Android app
Why are iframes considered dangerous and a security risk?
Vulnerabilities in spring-webmvc-5.3.39 to 5.3.40
Limit GraphQL Queries by Breadth
Securing a UDP connection
Cross Domain Form POSTing
How is PHP's mt_rand seeded?
Customize android app preview when it is in background with secure flag
Can a client-side login be safe?
How to store sensitive data in React Native or expo code ? ( with Keychain and Keystore )
How to validate if a URL is an Okta domain?
How to make Google Analytics respond to "Do Not Track"
My Vercel API tokens leaked on GitHub. How do I regenerate them?