As a general statement, Microsoft provides information on data security and encryption here - https://support.office.com/en-us/article/data-encryption-in-onedrive-for-business-and-sharepoint-online-6501b5ef-6bf7-43df-b60d-f65781847d6c
2. If a URL link to a project website to point to the SharePoint site or the Team OneDrive, is it secure/can it be spoofed/hacked?
Website URLs for SharePoint Online in the UCF Tenant begin with https://ucf.sharepoint.com/sites/... That URL is as secure as any cloud system Microsoft provides.
3. Are there any additional security issues for documents Shared to non-Team members via SharePoint Online? How will Microsoft and UCF mitigate this risk?
Document sharing via OneDrive or SharePoint via Teams creates no more risk than an individual sending and attachment via email. By using OneDrive and SharePoint to share sites or documents, visibility is provided to the permission of the site or document and that permission can be removed at any time.