From a Trac ticket [0]: "Using incremental URLs (i.e. /comment/1 is the first comment and
/comment/2 is the second comment, respectively for base 64 or other
counting systems) is highly dangerous for private information. You could
simply get all of the, say, private comments by accessing all comments
sequentially and picking out the ones that are private. This can apply
to confidential files (link sharing), personal information and more. There should be a section in the "Security in Django" about this."