In this case, the site controls encryption and decryption. With Nostr, we would encrypt it directly on clients, which then requires clients to follow whatever encryption scheme the hoster is providing in their viewer. The URL also gets saved in the browser history which is not great.