[maxerickson]

You could force or deny service on a lock that just checked a simple ID.

[justinclift]

Wouldn't that only be for poor implementations?

If the reader had a decently secure channel to the central auth piece, then it shouldn't (in theory) matter how simple or complex the id would be. (?)