Use POST instead of GET. I've heard it's slightly harder to intercept.
There are two ways you can go around it:
1) Assign the user a 'passcode' on a form, where they enter their BL_ID (no way to actually check they own it, though). They copy paste it into some GUI to set up their account. When you post information, post the passcode and the account & bl_id are figured out from that. Obviously this can still be intercepted, but if you're not hosting any important stuff then it's doubtful anyone will go out of their way to mess with it.
2) Make your own home-made encryption. Make the code extremely vague and try to mislead anyone. For example:
%a = "abcdefghijklmnopqrstuvwxyz0123456789";
%c = strLen(%a);
%d = strLen(%text);
for(%i=0;i<%d;%i++)
{
%z = 2334213;
%y = 13345773;
%z = 666;
//windows??
%no = 1;
%g = getSubStr(%text,%i,1);
%h = strPos(%a,%g);
while(%j)
{
%j = 0;
}
return %t;
}
OR, use both of them together. There's really nothing else you can do, Blockland has everything decompiled.