Thank you for feedback! Theoretically it's possible, but it's not just digits, it's alphanumeric so the chance is very low. As another user suggested - I will add approval for new clients so it's not going to happen
Yea, don't get me wrong but bruteforcing is real and I am not sure if its quite secure even with alphanumerical. Again I can be wrong but I'd personally wager a little bit more focus on privacy while still keeping The convenience but of course there are trade offs and its hard to do it quite right.
Unless you have some sort of throttling implemented, that's not really a lot and could probably be brute forced.