Yes, when using our Redirection feature, the URL of the redirection landing page is necessarily exposed in their browser's address bar, so they could conceivably share that URL with others. You may find the tips discussed here of interest:
However, buyers could still share the link that we provide to access their Redirection, and that link only expires after the Attempts and Hours you specify in the product's settings, but limiting Attempts to 1 may cause problems with antivirus link scanners expiring the link before the buyer can access it themselves. It's also not possible to have a single product which redirects to an URL and also provides a file download. Rather than redirecting to a registration page URL, we can recommend a different approach that would also avoid any need for buyers to register manually with information they'd already just provided at checkout.
Our Integration and Send Generated Codes features both include a 'handshake' value in the order details we transmit to a script at your end, which you can use to validate that any data transmission actually came from us, rather than from some hacker trying to spoof a transmission. We can also recommend doing a DNS reverse-lookup on the submission IP, to verify that IP resolves back to an e-junkie.com domain.
With that approach, your script would receive the buyer's order details from our server, automatically register them in your system, and either send them an email directly providing their access details (if you use our standard Integration method) or output a code back to us (such as a password or unique access URL) that we can include in the thank-you email we send to the buyer (if you use our Send Generated Codes feature):
Also, since it appears you're selling WordPress themes, you might consider just using an existing WP membership plugin that already supports E-junkie. Offhand, we're aware of at least two such plugins that are known to support our integration methods: