Your UUID is absolutely no secret. Any script which does anything at all for you needs it. Sending inventory, paying you, animating you, you name it.
It is completely harmless. It is true that *if* you could fake a different UUID, you could circumvent a lot of built-in security, but it's tracked on the server and manipulating it would likely require a security breach of the servers of a magnitude where impersonating a single avatar would be pretty insignificant, comparatively. It is certainly not something you can do from a script.
There has been some security vulnerabilities/breaches related to the account (login/password) and to theoretically impersonating a *sim*, but there has, to my knowledge, never been a security exploit in any way related to the avatar UUID. -Though in fairness, *if* there was, it would likely be kept rather tightly under wrap.
It is completely harmless. It is true that *if* you could fake a different UUID, you could circumvent a lot of built-in security, but it's tracked on the server and manipulating it would likely require a security breach of the servers of a magnitude where impersonating a single avatar would be pretty insignificant, comparatively. It is certainly not something you can do from a script.
There has been some security vulnerabilities/breaches related to the account (login/password) and to theoretically impersonating a *sim*, but there has, to my knowledge, never been a security exploit in any way related to the avatar UUID. -Though in fairness, *if* there was, it would likely be kept rather tightly under wrap.
There was always the last mandatory update security issue that was packet sniffing/injection allowing someone with a user's IP to spoof packets and inject them into the stream to nefarious ends but that required a user's IP (easy to get from media streams) linked to a specific user (harder to correlate but still possible) and was patched up fairly quickly with a mandatory update.
