It looks like you are correct, but only if you let them generate the password. If you define your own password, then you would have to share it via another channel-
>> While the Proton server will know the URL, it will never receive the password.
>> When creating a new shareable URL for a file, the web client will first confirm that a share directing to the file exists. The passphrase of this share must then be encrypted with the new password associated with the URL. This new password is either randomly generated by the ProtonDrive client, or is specified by the user.
>> In the case of randomly generated passwords, the user can choose whether they want to include it at the end of the URL, equivalent to sharing the content publicly. This section of the URL isn’t shared with Proton servers, making the password and the content inaccessible to Proton. Alternatively, the user can choose to share the password separately.
>> In the case of user-defined passwords, this option isn’t available and the password must always be communicated separately.
>> While the Proton server will know the URL, it will never receive the password.
>> When creating a new shareable URL for a file, the web client will first confirm that a share directing to the file exists. The passphrase of this share must then be encrypted with the new password associated with the URL. This new password is either randomly generated by the ProtonDrive client, or is specified by the user.
>> In the case of randomly generated passwords, the user can choose whether they want to include it at the end of the URL, equivalent to sharing the content publicly. This section of the URL isn’t shared with Proton servers, making the password and the content inaccessible to Proton. Alternatively, the user can choose to share the password separately.
>> In the case of user-defined passwords, this option isn’t available and the password must always be communicated separately.