The hostname is usually the first part after "http://", but there is one case where it isn't the first part. When a URL contains a username and password, they confusingly appear before the hostname, like this:
http://username:password@www.site.com/
A quick glance at
https://www.paypal.com:index.html@www.evil.com/
might not reveal that you are in fact connecting to www.evil.com, not www.paypal.com. Luckily, Firefox protects you by warning you when you click a link to a URL containing a username or password, and displays dots in usernames and passwords as "%2E" instead of as dots.
don't drag filenames, or text that could be a filename! (Fixed in Internet Explorer. Fixed in Firefox, 206859.)