In order to maintain the plausible deniability, Mega cannot store an decryption passphrase. Meaning they will not have the links to the unencrypted files. As the URL will contain the passphrase within it. The only thing required to make this private is to plug a Tor hidden service onto the front end. That way the direct link to the data is not known by the download user and Mega will not store this link without losing plausible deniability. Win win. Bad part is that all downloads now have to go through Tor (slow).