Hi,
I know this thread is about uniqid(), but MCrypt and OpenSSL
extensions are already mentioned anyway.
I think the underlying problem here is that PHP doesn't provide a
cryptographically-secure PRNG generator by default. This might not be
a concern for uniqid() in particular, but it certainly is a problem.
Both of the above-mentioned extensions are optional and as such are
not the go-to choice for randomness in most applications. The lack of
a "by default" cryptography extension is another problem, but RNG is
more important.
Cheers,
Andrey.