kofi, bad security design and also just really shitty design
@xenon I think that a userid should be a database known key. Rather than connected directly with any data. For a lot of similar reasons you have stated.
Mind you. I see similar things done a lot of different places. Where either they consciously decided that, "we really want this to be a permentant thing" or failed to think about it.
mastodon.matrix.org is one server in the network