You are correct, that the
~ character is preventing it from being masked.
You can view the Requirements for Masking Variables here. (Addon to that, here is the base64 alphabet outlined by RFC4648)
It is not a critical security issue. (most of our projects on our privately hosted instance don’t use Masked variables).
Since it isn’t masked, you may want to be more cautious in your pipelines to prevent it from being printed to the log output.
I would recommend potentially considering changing your project’s visibility to Private (Project > Settings > General > Visibility, project features, permissions)
or change the privacy of the Repository access to Only Project Members (in the same section as the private option). These will only allow accepted project members to view the pipeline logs, which will reduce the exposure if the secret is accidentally printed.