Potential Security Concerns
Here are some potential security issues that we may want to research in the future:
The user's UUID is potentially leaked to attackers in a few places. For example, in bounce email messages and in the URL of the web application. We should look into what possible attacks are made easier if the attacker knows a user's UUID and contemplate removing the places where the UUID is leaked. (The UUID is the unchanging unique identifier for every user that does not change even if the username is changed).
If you decide to look closely at any of these issues, please create separate issue for them.
(from redmine: created on 2015-10-15)