Chris, you make some good points, but I’d qualify your point about security.

Security depends on your context. The biggest consideration here is making sure that competitors can’t easily guess your business vitals. I’d consider that a kind of security, and technical considerations about the implementation of libraries like uuid-ossp aside, I think that v4 UUID’s are a great improvement over sequential integer ID’s.

If you’re using UUID’s as a replacement for access controls of your resources (i.e., security through obscurity), then yeah, that’s a bad idea. But insofar as gaining info on vitals is concerned, exposed ID’s are in and of themselves the resource that you should be hardening.