I'm not sure this is even needed anywhere as in most places where DB ID's are used they are restricted, so it's not like data can be scraped by iterating numbers.

But we should review the API and verify this and if there are cases where it makes sense to help prevent abuse, we should make these updates before we actually launch to avoid migration headaches for potential apps in the future.