
When they went to longer IDs, they REALLY MISSED OUT on the ability to make them cryptographically secure.

https://help.salesforce.com/s/articleView?id=000385008&type=...

There was no need to make those human readable; 64-character UUIDs would have been just fine. As it is, they're sequential, and so if you know yours you can guess some more.




FWIW, the 18-character "longer ID" is just a checksum of the first 15 characters. The ID storage format did not change when 18-char IDs were released. So, in some ways, that opportunity hasn't been missed yet ;)
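The comment above describes the 18-character ID as a checksum of the 15-character one. The snippet below is an added illustration (not code from the thread or from Salesforce) of the publicly documented suffix derivation: for each of the three 5-character chunks, a bit is set for every uppercase letter, and the resulting 5-bit value indexes a fixed 32-symbol alphabet. The sample IDs are constructed for the example. It shows why the extra three characters add no unpredictability: anyone holding a 15-character ID can compute the 18-character form, and a consumer can reject IDs whose suffix does not match.

```python
# Added example: derive and validate the 18-character Salesforce ID suffix.
# The suffix is a deterministic function of the 15-character ID, so it
# carries no entropy; it only makes the ID safe to handle case-insensitively.

# 32-symbol alphabet used by the checksum (A-Z, then 0-5).
SUFFIX_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345"


def id15_to_id18(id15: str) -> str:
    """Append the 3-character checksum suffix to a 15-character ID."""
    if len(id15) != 15 or not id15.isascii() or not id15.isalnum():
        raise ValueError("expected a 15-character alphanumeric ID")
    suffix = []
    for chunk_index in range(3):
        chunk = id15[chunk_index * 5:(chunk_index + 1) * 5]
        bits = 0
        # Bit 0 corresponds to the first character of the chunk, bit 4 to the last.
        for position, char in enumerate(chunk):
            if char.isupper():
                bits |= 1 << position
        suffix.append(SUFFIX_ALPHABET[bits])
    return id15 + "".join(suffix)


def is_valid_id18(id18: str) -> bool:
    """True if the last three characters are the correct checksum of the first 15."""
    if len(id18) != 18:
        return False
    try:
        return id15_to_id18(id18[:15]) == id18
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample IDs (not real records).
    print(id15_to_id18("00D000000000062"))   # 00D000000000062EAA
    print(id15_to_id18("001A0000001ABCD"))   # 001A0000001ABCDIA4
    print(is_valid_id18("00D000000000062EAA"))  # True
    print(is_valid_id18("00D000000000062AAA"))  # False
```

The validation helper is the defensive use of the checksum: an integration that receives IDs from untrusted input can reject values whose suffix does not match before doing any lookup, which catches corrupted or hand-edited IDs, although it does nothing to stop enumeration of sequential IDs, which is the point the thread is making.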


Yeah, that would have helped, but the issue was really that the default RBAC for contacts when using "Salesforce Sites" was either Public, from what I remember, or it was one of those things that required a lot more proper setup, and people usually would "get back to it later" and never did.

So now you have all your contacts available for unauthorized users to read, and since they provide automatic "list" pages as /<first 3 chars of record>, you automatically get a nice table interface for anyone to scrape.
