Abandoning URL embedded identities for Basic auth

Use an `Authorization` header instead, which is a safer choice than URL embedded identities (aka `http://user:pass@example.com`). [Chrome 19 dropped support][chromium128323] for URL embedded identities in XMLHttpRequest for security reasons.

Added documentation note about how this will overwrite any existing `Authorization` header that the user may have set.

[chromium128323]: https://code.google.com/p/chromium/issues/detail?id=128323

README.md

@@ -51,7 +51,7 @@ axios.get('/user?ID=12345')
   .catch(function (response) {
     console.log(response);
   });
-	
+
 // Optionally the request above could also be done as
 axios.get('/user', {
     params: {
@@ -174,7 +174,7 @@ These are the available config options for making requests. Only the `url` is re
   // The last function in the array must return a string or an ArrayBuffer
   transformRequest: [function (data) {
     // Do whatever you want to transform the data
-	
+
     return data;
   }],
 
@@ -182,7 +182,7 @@ These are the available config options for making requests. Only the `url` is re
   // it is passed to then/catch
   transformResponse: [function (data) {
     // Do whatever you want to transform the data
-	
+
     return data;
   }],
 
@@ -216,6 +216,8 @@ These are the available config options for making requests. Only the `url` is re
   withCredentials: false, // default
 
   // `auth` indicates that HTTP Basic auth should be used, and supplies credentials.
+  // This will set an `Authorization` header, overwriting any existing
+  // `Authorization` custom headers you have set using `headers`.
   // The username can be supplied as `user` or `username`
   // The password can be supplied as `pass` or `password`
   auth: {
@@ -246,7 +248,7 @@ The response for a request contains the following information.
 
   // `status` is the HTTP status code from the server response
   status: 200,
-  
+
   // `statusText` is the HTTP status message from the server response
   statusText: 'OK',