Online Ordering System

Well, that’s not true security. Someone could always connect the dots and figure out if a unique ID in one sheet matches a unique ID in a user sheet that contains Personally Identifiable Information (PII) of the user. Plus, that prevents you from being able to use row owners if you ever need it, since you would no longer have an email in the sheets. There’s nothing wrong with using IDs to link data, but don’t rely on it as a security feature.

I use keys to link all of my tables together, but I only do that as a way to properly link database relations through keys since the unique keys will never change. I do not use that method as a way of securing data, as it only slightly masks the data. It does not make it secure. Once somebody figures out your methods of hiding data, then you can’t stop them from exploiting it.

https://securitytrails.com/blog/security-through-obscurity

As always, follow Glide’s recommended practices for security. Not only for your sake, but for the sake of your users. You would never want to have to explain that you exposed all of their personal data because you took shortcuts to save a buck or make something easier. Even large companies make this mistake. If there is ANY data that you have in your app that you do not want exposed to any potential other users of the app…please remove that particular data or properly secure it as recommended.

This user found out the hard way that there is always someone out there that could potentially cause harm.

2 Likes
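The point made in the post above, as an added illustration (not part of the original post, and not Glide's implementation): a shared ID only masks the link to PII, while a filter on an owner email applied before data is sent actually limits what each user receives. The sheet contents, column names and the `rows_for` helper are constructed assumptions.

```python
# Constructed sample data: two sheets as an app without row owners would
# deliver them in full to every signed-in user's device.
ORDERS = [
    {"order_id": "o-1", "user_id": "u-7f3a", "item": "Espresso beans"},
    {"order_id": "o-2", "user_id": "u-91bc", "item": "Insulin test strips"},
    {"order_id": "o-3", "user_id": "u-7f3a", "item": "Filter papers"},
]
USERS = [
    {"user_id": "u-7f3a", "name": "Alice Example", "email": "alice@example.com"},
    {"user_id": "u-91bc", "name": "Bob Example", "email": "bob@example.com"},
]


def reidentify(orders, users):
    """Join the 'anonymous' orders back to PII through the shared ID.

    Anyone holding both sheets can do this, so the ID hides nothing.
    """
    by_id = {u["user_id"]: u for u in users}
    return [
        {**o, "name": by_id[o["user_id"]]["name"],
         "email": by_id[o["user_id"]]["email"]}
        for o in orders if o["user_id"] in by_id
    ]


def with_owner(orders, users):
    """Add the owner email column that row-level filtering relies on."""
    email = {u["user_id"]: u["email"] for u in users}
    return [{**o, "owner_email": email.get(o["user_id"], "")} for o in orders]


def rows_for(viewer_email, rows, owner_column="owner_email"):
    """Simplified row-owner model (an assumption): filter on the backend so
    rows owned by someone else are never sent to the viewer at all."""
    viewer = viewer_email.strip().lower()
    if not viewer:  # an unauthenticated viewer gets nothing, not unowned rows
        return []
    return [r for r in rows
            if r.get(owner_column, "").strip().lower() == viewer]


if __name__ == "__main__":
    print(reidentify(ORDERS, USERS))            # every order tied to a person
    owned = with_owner(ORDERS, USERS)
    print(rows_for("bob@example.com", owned))   # only Bob's own order
```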