Encryption secret (encryption key) is derived from your encryption phrase (passphrase), like in Bitcoin or Ethereum wallets - you may have dozens of encryption keys, derived from your encryption phrase.
Yes, it’s still valid, especially if you shared an access grant generated in the satellite UI - your access grant will have a default key and this fact could be exploited too.
So the better approach is to register your access grant (with uplink access register --public=true <access grant|access name>) and get S3 credentials, they still can be used in rclone and you can use your S3 access key with linkshare service to produce an URL https://link.storjshare.io/<access key>/<bucket>/<prefix/object>
Or at least generate a derived access grant in the uplink CLI using
uplink share command if you need to use it in libuplink (native integration).
If you going to share S3 credentials (which is not needed, since you can give just an URL to your bucket(s)/prefix(es)/object(s)), then you can register a derived access grant (to do not trust us your default key even in encrypted form) and generate even more safe S3 credentials.
The shortest way is:
uplink share --url --not-after=none --access <access grant|access name> sj://test
You will get an read-only derived access grant, read-only S3 credentials and linkshare URL.