Asymmetric cryptography relies on two numbers: the public key & the private key.
In this case, the private key is used to sign a piece of data (the hash of the transaction). The public key allows checking that the signature is legit - and it is also used as the account number.
Both the public key & signatures can be shared publicly. The computing power required to recover the private key from that data is so high that we generally consider that nobody will have the technology for around 20 years.
This is what makes blockchains reliable. So:
- An attacker can't find your private key from the transaction envelope.
- If an attacker changes the transaction object, the signature will become invalid (hash changes) and it won't get validated on the network.
Stellar Authenticator & Cosmic Links can be used to share partially signed transactions as URLs, just like you described in your question.
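
The two bullet points above, as an added example that is not part of the original answer: a Go sketch using Ed25519 (the signature scheme Stellar uses) that signs the hash of a transaction with one of two keys, then shows the signature failing once the transaction bytes change. The `Envelope` type, `txHash`, `Demo`, the network string and the transaction bytes are constructed for illustration and are not Stellar's real XDR encoding.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Envelope is a simplified stand-in: transaction bytes plus collected signatures.
type Envelope struct {
	Tx   []byte
	Sigs [][]byte
}

// txHash is the signed value (simplified: not Stellar's real XDR signature base).
func txHash(network string, tx []byte) []byte {
	id := sha256.Sum256([]byte(network)) // ties the signature to one network
	h := sha256.Sum256(append(id[:], tx...))
	return h[:]
}

// Sign appends a signature over the transaction hash to the envelope.
func (e *Envelope) Sign(network string, priv ed25519.PrivateKey) {
	e.Sigs = append(e.Sigs, ed25519.Sign(priv, txHash(network, e.Tx)))
}

// SignedBy reports whether some signature verifies under pub for the current Tx.
func (e *Envelope) SignedBy(network string, pub ed25519.PublicKey) bool {
	for _, sig := range e.Sigs {
		if ed25519.Verify(pub, txHash(network, e.Tx), sig) {
			return true
		}
	}
	return false
}

// Demo signs with one of two required keys, then tampers with the payload.
func Demo() (signer, missing, tampered bool) {
	const network = "constructed example network"
	alicePub, alicePriv, _ := ed25519.GenerateKey(nil)
	bobPub, _, _ := ed25519.GenerateKey(nil)
	env := &Envelope{Tx: []byte("constructed: pay 10 from alice+bob to carol")}
	env.Sign(network, alicePriv) // partially signed: only public data is shared
	signer, missing = env.SignedBy(network, alicePub), env.SignedBy(network, bobPub)
	env.Tx = []byte("constructed: pay 9999 from alice+bob to mallory")
	return signer, missing, env.SignedBy(network, alicePub)
}

func main() { fmt.Println(Demo()) }
```

The partially signed envelope contains only the transaction bytes and signatures, so passing it to the second signer exposes no private key material.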