If the service wikidata-externalid-url is important enough for WMF, then WMF itself should provide this service in a secure environment. This is not something a random user should operate.
Right now this service is used all over nowiki because P1630 was assumed safe in production. This is not safe at all, as a user accessing any of the external links using this service will expose their activity instead of a simple link.
If this is acceptable for WMF, fine, but then a full security audit of the service should be made and any developers or maintainers should sign the necessary privacy agreements.