You're technically right, if a lot of people use this, the owner of ycombinator1.com will have a lot of info about who shares which URLs and could actually change the redirects to whatever they want.
That being said, it's probably not much of an attack surface given the transient nature of the links.
As of right now, I have almost zero information about who is using it. It's currently running on Vercel as a hobby project, and I've already used my single free analytics add-on for another project.
(Will I run out of free Vercel function execution credits or whatever? Probably. We'll see, I guess.)
EDIT: Vercel gives me a realtime function log but it's pretty basic and has no statistics: https://cln.sh/WlXBSY
