The issue at that time was whether the link was coded in html (which does work) or done through a redirect script (which of course doesn't work)
If you code the html in the links, most browsers will de-entify prior to sending the request to ccbill, in which case you get credited. There were some strange browser versions that didn't de-entify properly which caused some issue. I would bet that less than 1% of the browsers don't properly handle entities in urls now.
However, if you are coding the link and sending it through a php redirect script,
Code:
<?php
header("Location: http://www.ccbill.com?asdf&pa=1234");
?>
will not get translated properly on ccbill's side. Granted, the link is not in proper form, but, its so prevalent that I think ccbill (and any other affiliate program depending on an & or ? in the url) should properly try to de-entify the url before processing. Almost every traffic trading script will entify the url when it is placed in a database and redirect the surfer via an entified link.
I don't recall the exact syntax, but, you could always wrap the stuff that doesn't validate in CDATA blocks which would allow those urls with & to validate.