Bunker urls currently generated by nsec.app aren't sensitive. But there are different kinds of bunker urls, some of which are sensitive, so I'd say you shouldn't get used to treating them lightly.