Maybe there should be a better address encrytion

[rayline]

The address is just encoded with base64, and address may be logged by gateways or firewalls it passed, which may be an unexpected privacy leak. Some firewalls now already have the function to filter the base64(or something else) content in url parameters, so it is not just a guess. I know that we can deploy it with SSL, but it will be surely better if it is safe everywhere

[Athlon1600]

base64 encryption is just the default. You can change it into something more secure through config.php:
https://github.com/Athlon1600/php-proxy-app/blob/master/config.php

Look at all the options.