I should also add that we don't use the URL for any kind of security/lookup. we rely on other information for that. as such the aim is to give readable canonical urls to your application, much like most apps use a /{username} slug
thanks for the link, I agree it's bad practice if there's any kind of lookup/security based on the slug. We have a few other mitigations against looking up anything security wise from the slug itself. but will take it into consideration as I agree it increases guess-ability of the slugs and could leave us open in future.
It's just an eyesore. If I see some random ID, I won't be bothered, but to see my name with some suffix to it - it's ugly and not a common practice anyway. There are better ways to generate unique IDs and hashids make them pretty short as well (shorter than their numerical counterparts, I mean).
