I found a security breach in instawallet last week... I fixed it for them... they never tipped me or anything...
Correction: You found a "mistake" in their website. Some might call it a flaw, but it is certainly not a security flaw or exploit.
Please don't spread alot of FUD, this might actually be a serious matter. Someone might have exploited a real security vulnerability.
It was most definitely a security flaw. There's a reason many services that offer similar things, use the 'fragment' in the URL (the part after the # in the URL) to authenticate users. The end result is that you can't use the actual URL itself to gain access to the wallet, and need the 'fragment' as well. The fragment is entirely clientside.
To put it simply, using a url as your sole authentication is a really fucking stupid idea.