Well, that should be clear since sharing a link with the token does not require another user to be even logged in to the hub (or, let alone, have an account on the hub). This does not seem like a big issue to me. Of course, one can distinguish users by ip addresses, if necessary.