There's quite a difference in the things you describe.

Some sites use identity tokens in the URLs, so this feature turns all broken on-site links on these pages into security breaches.

(One could argue that identity tokens in URLs are a very bad idea anyway, but this "feature" makes it even worse).