The button on the browser just navigates to the URL `git-peek://https://github.com/name/repo`. How your system handles this git-peek protocol is completely up to you. While the git-peek package does offer to setup a handler for this custom git-peek protocol, I went ahead and set it up manually. Now, my system calls this bash script whenever it encounters the git-peek protocol:

  #!/usr/bin/env bash
  # Expects a single argument: git-peek://<path>
  # Example: git-peek://https://github.com/Jarred-Sumner/peek
  kitty --single-instance --detach -e zsh -c "source ~/.zshrc; git peek $1"

You can set it up to do anything you like.

What happens if you click a link to git-peek://$(cat</etc/passwd) ?

I'm not sure. What?

Is there a reasonably legitimate reason to stop using this?

That's the issue here. You need to be 100% sure handler is entirely bug free or any site can redirect to that url and exploit any bug in it

I tend to clone things I'm just having a quick look around in into ~/tmp - sometimes I'm intending to spelunk through the history so I don't fancy having that much data sat on a tmpfs and "running rm -rf ~/tmp/* when I notice it's getting a bit on the large size" is minimal enough effort that it's worth it for having control over when things disappear.