Re: So reading between the lines on their statement...
There's an infinite expanse of "FFS" extending out in many dimensions.
Some companies put v4 UUIDs on all objects because it's difficult to make their choice of ORM software fetch generated IDs from the database. Generating a good v4 UUID is, of course, incredibly slow so they globally replace the secure random number generator with a pseudo-random number generator. Sometimes they don't even chose a PRNG that can create enough unique values to store the expected number of objects.
Posting as anon so the guilty may fail by running out of UUIDs rather than getting exploited.