I don't think most people realize when you enter a url for an https address such as instawallet, the part of the url after instawallet.org is sent as an encrypted string
https://www.instawallet.org/"encrypted string"
The actual password or whatever in the url is not sent as plain text and is not readable by all the hops inbetween.
Now if chrome is treating everything entered in the search/url bar as a search, even a full https url, and sending it to google, that is a serious problem.