The link you are not meant to share is obviously the link they sms to you, and in this case why WOULD you share that link? It’s in an sms. I’ve never forwarded an sms conversation between myself an one person to a third person — It just doesn’t happen. When has anyone ever forwarded an sms from one person to another?
There are an array of things facebook can do to secure this feature as best as possible. Assuming facebook is handling their security correctly there likely isn’t anything more to be concerned about here than worry about someone trying to brute-force their way into your account through the typical login page, or trying to session hijack via cookies.
Your phone is on you. If you don’t secure your phone then facebook is only one of many accounts that are now vulnerable. That they send you a url via sms directly to your person that logs you in isn’t really anything to be upset about, on the face of things.
I’m curious if you do actually have full-privileges via the link, or if it only lets you view and make posts. It has been awhile since I’ve tried to change anything important in my account, but I’m under the impression they, like many places (e.g. Google), require you to re-enter your password on sensitive actions to confirm you aren’t some idiot messing around on someone elses computer/phone and screwing-up their account.
You can’t sit on someone elses computer, while they are logged-in, and alter their Google account, for example.
If the worst thing someone can do if they somehow, somehow, got a hold of this magic fb link is to make posts and view content then that’s not the worst thing in the world. It shouldn’t come to that in the first place, but even still it’s a step removed from total account access.