Currently, the PantryID (uuidv4) is the only form of security, I am thinking that in a future release perhaps another form of authorization may be required.
Yeah, I imagine this is okay for testing, since UUIDs are fairly impossible to guess, however, you probably want a slightly more elaborate "authenticated session" based structure to ensure someone malicious who has obtained the UUID does not have an unlimited time window to exploit it.