There's currently a bug in Safari, or more likely somewhere in the OS X HTTP API that breaks HTTP Authentication when there is a semicolon in the path part of the URL. This means it's impossible to use HTTP Authentication when you're building a RESTful Rails app that needs to work in Safari.
More details can be found at http://bugs.webkit.org/show_bug.cgi?id=10073
There's a test page at http://onautopilot.com/test;webkit that should ask you for a username and a password.
Right now this still seems to be broken in Leopard. It would be great if somebody who knows the right people inside Apple could try to raise awareness of this issue. It would be somewhat ironic if Leopard Server ships with Rails while this is still broken.