Would it be a bad idea to set sources.list and sources.list.d only root permissions?

I need to add an repository that requires OAuth 2.0 authentication so I've got to pass it an access token. One of idea is to write it as a query parameter or as Basic Auth password in /etc/apt/sources.list file:

deb http://oauthrepourl.com?accesstoken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9  suite classic

OR

deb http://somelogin:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9@oauthrepourl.com  suite classic

But I guess it would be unsecure to keep an access token there because sources.list and sources.list.d files are accessible to read for all users:

-rw-rw-r-- 1 root root  2852 апр 24 13:41 sources.list
drwxr-xr-x 2 root root  4096 сен 25 10:17 sources.list.d

Would it be a bad idea to make sources.list and sources.list.d content only accessible for root user (-rwx------)? You can use apt anyway as a root (as it has to be though) and usual users would not be able to stole the access token from these files. P.S. I know there's an file /etc/apt/auth.conf that would help to keep it in secret but it seems my distribution's apt is too old and does not support it.