Yes, we still have that feature around wrapped in a plugin:
The URL will be of the form: http://discourse.example.com/invite-token/redeem/TOKEN?username=USERNAME&email=EMAIL&name=NAME&topic=TOPICID
Bare minimum URL should be: http://discourse.example.com/invite-token/redeem/TOKEN?email=EMAIL
The security issue was that we did not check for the existence of user with the email address provided but now we do in the plugin.