Whats cool about this is that when you click it in a nostr client that doesn’t support encrypted images in dms, it could open on filehost.com and decrypt it clientside for display

I wouldn't put the secret in the URL. Otherwise, the image host also has access to the secret and thus the image.

This is a little less descriptive than a nip19 link which says it has a secret, more parsing and expectation required to know that a random URL might need decryption