First of all, this has nothing to do with Forms Authentication.  It's actually a bug in the URL Authorization module.  On systems that are subject to this bug (not all are), the same problems will be present if you are using, say, integrated Windows Authentication instead.

Furthermore, if you're running Windows Server 2003, this doesn't affect you. It automatically does preprocessing of the URL before it gets as far as ASP.NET, converting backslashes to forward slashes.  (And as someone already pointed out, installing URLSCAN on older versions of IIS also fixes the problem.)