How is that a leak ? The URL is only sent to ddg server, encrypted using TLS so no eavesdropper can read it. It also stays in your browser history and let you use the back button.