I have some links that have javascript OnClick in them for added parameters for those who have JS enabled.

it takes care of the user functionality. But do the engines ignore the javascript? or the whole link? I could see them viewing this as a form of cloaking if they wanted to.

I guess there's a threat of someone linking with the whole OnClick code and causing some dupe URL issues.

Any thoughts???

If the link is still crawlable, then OnClick is a valid way to do other things as far as the spiders go, but you can't stop others from linking incorrectly to you. Not many would copy your OnClick code as part of their link.