Typically, when you buy on OpenSea or similar you're using a conventional crypto wallet (like Metamask) and you don't have a master ticket. Metamask creates a key for you, if I remember correctly, so assuming your machine isn't compromised (and Metamask isn't either), that key is yours.
Most people who hold addresses with master tickets used the urbit keygen tool, which does more or less the same thing (i.e., it generates keys locally). So the main concern is just whether or not the machine you derived those keys on is compromised somehow, or you leaked them through some other means.
The benefit of a master ticket is that it's a single seed for a bunch of secrets (ownership key, spawn key, management key, networking keys) which use different crypto algorithms and would otherwise need to come from different seeds. This is mostly experienced by people when they try to derive networking keys, which use a different crypto algorithm from eth (which we use for ownership). If you have a master ticket, we can use that seed to derive your networking keys.
Anyway, no need to change the master ticket if you derived it yourself. In the case of invite codes, Bridge uses our keygen library to generate the keys client side. So, unless you think the ticket is compromised somehow it should be fine.