- URL arguments refer to arguments in the URL for GET or POST (e.g. foo.com?arg1=something).
- Body arguments refer to data communicated via POST paramaters in the HTTP request body.
A quick conclusion: The secure choice for transmission of any sensitive data is to use POST statements over SSL/TLS. Any other option will expose data at some point in the communication.