Bruce is wise.
If you really wish to implement some security on it, you need to go the whole login hog, have the links require logons and the logons expire (typically with a short-lived cookie), so that unauthorised people just don't have all the parts needed: the destination pages look for the cookie and tell you to bog off if you don't have it (server-side, obviously, before presenting the information).
Hidden links that go to unsecured pages aren't really hidden at all.
Even if they were, the nefarious user could always
File > Save Page and mail the snapshots to their Kremlin controller.
You could perhaps wrap it in Flash, make it a bear to do that with, but that's outside my ken. It's still going to be security theatre...
And with logins, include a tracer in the source so you know which user blabbed!