Hello there,
Yes. In general, it is best to check whichever platform you are using’s docs about their impl of this. Although, the implementation is almost identical across the popular online editors (Repl.it, Glitch, CodeSandbox).
As I understand it, any .env file is automatically hidden. It can be made visible to other users, provided they are invited to join the coding project as members (terminology may vary).
If the link to the project code is merely shared (no invite sent), then the .env variables are not accessible by whoever uses the link.
Hope this clarifies.