There are issues here that could lead to more security problems. The OAUTH token for the entirety of RM exists in that URL. This means that with some knowledge of HE someone could take that link and do almost anything that you do with RM.
Change variables, run/pause/unpause/cancle rules
See this post. https://community.hubitat.com/t/rule-machine-api/
The stance from Hubitat in general has been to not share cloud links with untrusted parties.
