I'm working on a website that allows a current user to invite another individual to be friends by typing in the non-user's email address. The non-user would then receive a custom registration URL by email which would, when used, automatically connect the two users, giving each access to the other's private information.
The custom registration URLs will be somewhat protected by use of cryptographically random nonces (i.e., site.com/very-long-random-nonce), hopefully protecting against replay attacks or people simply guessing someone else's registration link.
My concern is that, if the email should be intercepted in transit, the interceptor could gain access to the inviting user's private information. How can I ensure that only the intended recipient will receive and use a custom registration URL?
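The nonce-based invitation link described in the question, sketched as an added example that is not part of the original post: the token is unguessable, stored only as a hash, expires, and is consumed on first use so it cannot be replayed. The `InviteStore` class, its in-memory dictionary, and the seven-day lifetime are assumptions made for illustration; the sketch covers guessing and replay only, not interception of the email in transit.

```python
import hashlib
import secrets
import time

INVITE_TTL_SECONDS = 7 * 24 * 3600  # assumed lifetime, not from the post


def _digest(token):
    """Hash the token so a leaked invitations table does not expose usable links."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class InviteStore:
    """Hypothetical in-memory stand-in for a table of pending invitations."""

    def __init__(self):
        self._pending = {}  # sha256(token) -> invitation record

    def create(self, inviter_id, invitee_email, now=None):
        """Return the nonce to embed in the URL, e.g. site.com/<token>."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[_digest(token)] = {
            "inviter": inviter_id,
            "email": invitee_email.strip().lower(),
            "expires": now + INVITE_TTL_SECONDS,
        }
        return token

    def redeem(self, token, now=None):
        """Consume the invitation; return its record, or None if invalid."""
        now = time.time() if now is None else now
        # pop() removes the record on first presentation, so a second
        # request with the same link (a replay) finds nothing.
        record = self._pending.pop(_digest(token), None)
        if record is None or now > record["expires"]:
            return None
        return record


if __name__ == "__main__":
    store = InviteStore()
    link_token = store.create("alice", "bob@example.com")  # constructed sample data
    print("first use :", store.redeem(link_token))
    print("second use:", store.redeem(link_token))
```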