You can generate unique tokens to also log a user in and set them to expire and set them with the link in the email. It is secure in the sense that a random person most likely wouldn't get access (easier to guess a password than a 32 character string that expires in a day or so). However, if someone else gets the email and clicks the link or the email is sent over an insecure channel then someone else could use the link to log in.
This will require custom development either way. It's not a core feature in XenForo.