
Are security concerns sending a password using a GET request over https valid?

We have a webpage which uses the -framework to build a . The communication between the browser and the server uses . The interaction to log into the page is the following:

  1. The user opens the website by entering https://myserver.com in the browser
  2. A login dialogue with two form fields for username and password is shown.
  3. After entering username and password and pressing the login button,
  4. an ajax request is sent using GET to the URL: https://myusername:myPassword@myserver.com/foo/bar/metadata

According to my understanding, using GET to send sensitive data is never a good idea. But this answer to "HTTPS: is the URL string secure?" says the following:

HTTPS establishes an underlying SSL connection before any HTTP data is transferred. This ensures that all URL data (with the exception of hostname, which is used to establish the connection) is carried solely within this encrypted connection and is protected from man-in-the-middle attacks in the same way that any HTTPS data is.

And in another answer in the same thread:

These fields [for example form field, query strings] are stripped off of the URL when creating the routing information in the https packaging process by the browser and are included in the encrypted data block. The page data (form, text, and query string) are passed in the encrypted block after the encryption methods are determined and the handshake completes.

But it seems that there might still be security concerns using :

Is this the case for URLs like these?

    https://myusername:myPassword@myserver.com/foo/bar/metadata
    // or
    https://myserver.com/?user=myUsername&pass=MyPasswort

Additional questions on this topic:

On security.stackexchange there is additional information:

But in my opinion a few aspects are still not answered.

Question

In my opinion, these are valid objections against using GET. Is it a bad idea to use GET to send passwords?

Are these the attack vectors, are there others?

  • browser history
  • server logs (assuming the URL is stored in the logs, unencrypted or encrypted)
  • referer information (if this is really the case)

What are the attack vectors when sending sensitive data (a password) over HTTPS using GET?

Thanks
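Added worked example (not part of the question above or of any answer on the original thread): a small Node.js script that models, for the two URL shapes in the question, what a typical web-server access log records, what the browser puts into the Referer header, and what an XHR does with userinfo in a URL. The modelling assumptions are stated in the comments; `/login` and `tracker.example` are made-up names for illustration, and the referrer policy applied by default is strict-origin-when-cross-origin, the current browser default. Nothing here contacts a network; `URL` and `Buffer` are Node globals.

```javascript
// Added example, not from the original question. Models wire-level behaviour;
// nothing is sent anywhere. Assumes Node.js (URL and Buffer are globals).

// What an Apache/nginx access log records as the request line ($request / %r):
// method, the request-target the browser actually sends (path + query), and
// the HTTP version. The userinfo part of a URL is never sent as part of the
// request-target, but a query string is, so it lands in the log verbatim.
function requestLine(method, urlString) {
  const u = new URL(urlString);
  return `${method} ${u.pathname}${u.search} HTTP/1.1`;
}

// What an XMLHttpRequest does with https://user:pass@host/...: the credentials
// are removed from the URL and sent as HTTP Basic authentication instead, i.e.
// in an Authorization header rather than in the request-target.
function basicAuthHeader(urlString) {
  const u = new URL(urlString);
  if (!u.username && !u.password) return null;
  const user = decodeURIComponent(u.username);
  const pass = decodeURIComponent(u.password);
  return 'Basic ' + Buffer.from(`${user}:${pass}`, 'utf8').toString('base64');
}

// Referer value a browser computes for a request from `fromUrl` to `toUrl`:
// first "strip URL for use as a referrer" (Fetch spec: drop userinfo and
// fragment), then apply the Referrer-Policy. Returns null when no Referer is
// sent. The query string survives stripping, which is why the query-string
// login form leaks and the userinfo form does not, under this header.
function refererFor(fromUrl, toUrl, policy = 'strict-origin-when-cross-origin') {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  from.username = '';
  from.password = '';
  from.hash = '';
  const sameOrigin = from.origin === to.origin;
  const downgrade = from.protocol === 'https:' && to.protocol === 'http:';
  const originOnly = from.origin + '/';
  switch (policy) {
    case 'no-referrer': return null;
    case 'unsafe-url': return from.href;
    case 'no-referrer-when-downgrade': return downgrade ? null : from.href;
    case 'same-origin': return sameOrigin ? from.href : null;
    case 'origin': return originOnly;
    case 'strict-origin': return downgrade ? null : originOnly;
    case 'origin-when-cross-origin': return sameOrigin ? from.href : originOnly;
    case 'strict-origin-when-cross-origin':
      if (downgrade) return null;
      return sameOrigin ? from.href : originOnly;
    default: throw new Error(`unknown referrer policy: ${policy}`);
  }
}

// Everything a given login URL exposes through the three channels above.
// Destination URLs are constructed for illustration (tracker.example is fake).
function leakReport(urlString) {
  return {
    accessLog: requestLine('GET', urlString),
    authorization: basicAuthHeader(urlString),
    refererSameOrigin: refererFor(urlString, 'https://myserver.com/next'),
    refererCrossOrigin: refererFor(urlString, 'https://tracker.example/pixel'),
    refererDowngrade: refererFor(urlString, 'http://tracker.example/pixel'),
  };
}

// Alternative that keeps the password out of the request-target entirely:
// a POST whose body carries the credentials. The /login path is assumed.
function loginRequest(user, pass) {
  return {
    method: 'POST',
    target: '/login',
    headers: { 'content-type': 'application/json' },
    body: JSON.stringify({ user, pass }),
  };
}

// The two URL shapes from the question.
const USERINFO_URL = 'https://myusername:myPassword@myserver.com/foo/bar/metadata';
const QUERY_URL = 'https://myserver.com/?user=myUsername&pass=MyPasswort';

for (const u of [USERINFO_URL, QUERY_URL]) {
  console.log(u);
  console.log(JSON.stringify(leakReport(u), null, 2));
}
console.log('POST alternative:', loginRequest('myUsername', 'MyPasswort'));
```

Running it shows the split the question is asking about: the query-string form puts the password into the access log's request line and into the Referer of every same-origin request that follows, while the userinfo form is converted by the browser into an Authorization header, which access logs do not record by default and which Referer stripping removes. Browser history is not modelled, because an ajax request is not a navigation and does not produce a history entry; a page opened by typing either URL into the address bar would.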

