Yes, it is. But using GET for sensitive data is a bad idea for several reasons:
- Mostly HTTP referrer leakage (an external image in the target page might leak the password[1])
- Password will be stored in server logs (which is obviously bad)
- History caches in browsers
Therefore, even though Querystring is secured it’s not recommended to transfer sensitive data over querystring.
[1] Although I need to note that RFC states that browser should not send referrers from HTTPS to HTTP. But that doesn’t mean a bad 3rd party browser toolbar or an external image/flash from an HTTPS site won’t leak it.