No, I think the question is: if you're passing the URLs via email, WhatsApp, or anything else, then if that system is compromised then you've revealed the secret.
If you trust that system not to be compromised, then you may as well have just sent the secret plain-text.
In what way or in what scenario does this ever grant you MORE secrecy?
As per the documentation the secret is never shared unencrypted an the private key to decypher it is never ever in the url. It stay in the receiver local storage.
