For the majority of cases this is not a problem, since we expect URLs to be properly decoded before being sent to the browser. However, anything involving a redirect through PHP header() or JS window.location | window.open fails to interpret a long URL with query params properly.
required_param() and optional_param() use $_GET as a direct lookup, but this global variable fails to find params that are separated by &
The new moodle_url() constructor, however, correctly interprets this type of URL and parses the params appropriately.
I've attached a small patch that uses this new code and resolves all current popup/redirect issues linked with query params. It still uses $_POST in priority.