Since we already have the specific username and password we want to strip
from errors, use a specific search string rather than a generic regular
expression. This is quite a bit more efficient than using regular
expressions and also has the benefit of being more accurate.
Also, rather than using the added overhead of fmt to convert the error to
a string, just call Error() directly on it to get the string.
Finally, instead of just stripping it, replace it with the literal
string "<username>:<password>" to avoid any possible confusion in the
error messages where it might otherwise appear the url was being
constructed incorrectly.
ok jcv@
