In fact, this is not an ambiguous ampersand, so it is great for using the HTML code you proposed. The currently accepted answer is incorrect (although I agree that it is recommended that you always encode ampersands to avoid confusion).
The HTML specification defines ambiguous ampersands as follows:
An ambiguous ampersand is a character U + 0026 AMPERSAND (&) followed by one or more characters in the range U + 0030 DIGIT ZERO (0) to U + 0039 DIGIT NINE (9), U + 0061 LATIN SMALL LETTER A to U + 007A LATIN SMALL LETTER Z and U + 0041 LATIN CAPITAL LETTER A to U + 005A LATIN CAPITAL LETTER Z followed by U + 003B SEMICOLON (;), where these characters do not correspond to any of the names listed in the link section for named characters.
Objects that do not end with a semicolon (for example, & ) are handled differently in attribute values, though:
If a character reference is consumed as part of an attribute and the last matching character is not a SEMICOLON character U + 003B (;), and the next character is a character character U + 003D EQUALS SIGN (=) or in the range U + 0030 DIGIT ZERO (0) to U + 0039 DIGIT NINE (9), U + 0041 LATIN CAPITAL LETTER A to U + 005A LATIN CAPITAL LETTER Z, or U + 0061 LATIN SMALL LETTER A to U + 007A LATIN SMALL LETTER Z, which for historical reasons were all symbols matched after the character AM + + 0026 AMPERSAND (&), must not be loaded, and nothing is returned.
But this does not apply here, since the next @ symbol.
FWIW, Ive explored this in detail and wrote about my findings here: http://mathiasbynens.be/notes/ambiguous-ampersands
Ive also created an online tool that you can use to check your markup for ambiguous ampersands or references to characters that do not end with a semicolon, both of which are invalid. (Currently, the HTML validator is doing this correctly.)
