In emailed password-reset links, include email address in theURL query

To reset a password, users get an email with a link. When they click that link, they are taken to my app’s password reset form. I follow the Strapi documentation and this is functional.

In the password reset form, I’d like to pre-populate the email address, so the user only needs to input a new password. Currently the user has to input their email address when coming to this form; I’d like to eliminate that.

How can this be done?

One option is for Strapi to include the relative email address in the emailed password-reset link, like so:

Are there any issues with doing so, security-wise?

Is this something that’s possible with Strapi ?