It's talking about email verification, not password reset systems. In other words, those types of URLs should only establish a connection between an account and an email address: they shouldn't act as a means of authentication.
It would also be to make sure an attacker can't just iterate through or guess at the emailed URLs and get valid, logged-in sessions without needing to properly authenticate.