[trebor]

If the link is sent unencrypted a potential email relay or packet-sniffer could scan for the links related to your website and open it before the recipient. It would be easy to automate at any level. They wouldn't have context, sure, but they'd have whatever it is you wanted to send and your recipient wouldn't.

I don't think this is likely to happen.

Is your delete permanent, if not secure?

[brendoncrawford]

All of their http traffic redirects to https.

[trebor]

I didn't mean in reference to their site, but how the end-user transmits the link to a recipient.

[asdfaoeu]

The idea is that would be detectable because the recipient would no longer be able to view the actual link and the password can be changed again.