[pdkp]

I don't think this adds the layer of security you think it does, merely a minor bit of obscurity. In context of the specific vector you reference, author={$user_id}, it probably doesn't do anything at all to protect you.

Not that there is anything wrong with adding a bit of obscurity, not using 'admin' as a username and using a non-privileged author for posts can go a long way.

However, if you are worried about someone getting your username from "author={$user_id}," using a user_id of 2,3,4,5, ect, probably isn't going to protect you. I think you are incorrectly assuming that the person that would use this method to get a username is going to stop if they get a 404 at #1(or even after just a single attempt.)