How does it work?
This tool uses your browser's built-in functions to encrypt and decrypt data. This means all operations are done inside of browser and never leave your computer. To avoid sending data to the internet your browser must have this support, which most modern browsers do.
How secure is it?
Algorithm itself is the AES winner and is certified by CRYPTREC, NESSIE and NSA. However its implementation depends on browser vendor and not developers of this tool.
Algorithm used is AES-CBC with key derived by hashing original password with SHA-256, effectively increasing key size.
AES was approved by NSA for top secret use. That said, data is only secure if password remains private. Sharing generated URL/password must be done with care. In addition to that, sharing URL/password and message through same medium (SMS, email, chat) defeats the purpose of encryption as both parts needed for decryption are available.
Why is password field populated automatically?
In order to provide better quality of encryption this tool will generate random password 16 characters in length every time it's opened without any additional information. You are free to change this password to something else.
Why does the URL change while writing password?
Part of the URL contains password you are entering to make sharing easier. After entering entering the password, all you need to do is share the generated URL with recipient and send message contents through different medium (SMS, email, chat, etc.).
All they need to do then is open the URL you provided, paste contents of the message and click on the "Decrypt" button.
It's important to note part of the URL which contains password is never sent over internet when page is opened. It stays local and private to your browser.