Depends on your threat model. If you're protecting against dragnet surveillance and retroactive targeted surveillance, after your link expires, then just putting the password right there in the e-mail body, with an expiring link, should work fine. For now.
Especially if it's not life-or-death, but you'd just "rather not appear in the data set, if avoidable." To each their own :)
Especially if it's not life-or-death, but you'd just "rather not appear in the data set, if avoidable." To each their own :)