Well, for one, simple id’s are usually sequential, so it’s quite easy to guess at and retrieve other data from your application.

Load JSON at runtime rather than dynamically via AJAX https://stackoverflow.com/questions/395858/doesnt-matter-what-I-type-here

Now, having said that, that might also be seen as a bonus, because nobody in their right mind would make their whole security hinge on the fact that you have to clink on a link to get to your secure data, and thus easy discoverability of the data might be good.

However, one point is that you’re at some point going to reindex your database, having something that makes the old url’s invalid would be bad, if for no other reason that search engines would still have old links.

Also, here on SO it’s quite normal to use links like this to other questions, so if they at some point want to reindex and thus renumber things (or move to guid’s), they will still have to keep the old structure and id’s.

Now, is this likely to ever happen or be needed? Probably no.

I wouldn’t worry too much about it, just build your security as though every entrypoint to your application is known and there should be no problems.