Math.random() is not secure

[markstos]

Consider replacing getUid() with secure-random-string for cryptographically secure random numbers.

It has the option to continue to make them 16 characters log as before if you prefer.

[Illizion]

might drop in with a pr on this one later =3, could be pretty dangerous in PrOduCtiOn :o