I see no issue with allowing the Sender to optionally include an Endpoint resources in the Bundle. That's essentially public information anyway. A client (or attacker) will still need to authenticate before requesting anything from the Endpoint.

Existing Wording:

Note To Balloters We are actively seeking input input on whether or not to document how to transmit endpoint data intended only for the immediate recipient (which may be the final recipient or an intermediary) recipient of the operation and to provides the recipient with the technical details for getting additional information from the medical record for the alert - Note that this has serious security implications as it may contain sensitive access information.