It is a security flaw to have to make a share document link public without being able to set the password and expiration date first. This is a very important feature for your privacy-focused target audience, so it doesn't make sense to hide it in the settings and FORCE the user to make their private data public during the set up phase. It should be on the share screen and very obvious. In fact, you can make a whole separate option so that it is mutually exclusive with the publically accessible link toggle.