Looks like the python bitcoinrpc authproxy stuff uses python "urlparse" that chokes on "/" in passwords.

AFAICT (?) it's python that is in the wrong here, but broken httpauth handling is common.

I used base58 encoding for the old code that would provide a suggested rpcpassword when you tried to run the daemon without one. I think base58 is free of any characters that will screw up url handling... and there are no compatibility issues with just changing what cookieauth uses.