the return url parameter is always the same url as the page that the user is currently visiting so the user already sees that url in the browser navigation bar. there is no security issue about that.
the idea of the return url parameter is to come back to the current page after login which is especially important to user experience when a user needs to login to complete a purchase in webstore or needs to login to post in the forums for example.
the user will never see a return url for a page that they do not have access to, it is always the same url as the current page the user is viewing