Since version 2.4, BBB can use a parameter that defines the role to be used in the BBB session instead of the so called 'password' with is problematic with modern browsers.
To give a bit of context, the so called `password` used in the URL in plain text is not a real password, but a token or identifier to be used to define the role a user should have in a meeting.
The URLs used by BBB are in some way protected by a hash calculated using a shared secret. Therefore, `password` would not (should not and could not) be used for authenticating the user.
The idea is that
- create would no longer include modPW nor viewerPW,
- join will use instead of password the designated role, such as role=moderator|viewer