Seeing there are no UI tests for this feature so far but also don't think it needs any. Logic is simple and otherwise end up with thousands of UI tests :)
Still unsure if that "improvement" is good regarding usability but works as expected
same here @sgiehl . It doesn't improve security but makes it much harder to use and looks buggy. "Show export URL" does already the hiding of the URL initially. People will just click again and then be surprised there is a token (most people won't be surprised because they don't realise it is an authentication token). The problem really is that using the authentication token in the first place.