[eluser]xwero[/eluser]
If you are going to use the steal-this-id solution you generate an id for the id_code field when the profile is created. To add security you can write a cron script to regenerate the id in the id_code field every week, every day depending how paranoid/security minded you are
The other solution you offer would be a bit faster (no query to get the real id) and one field less in your database so it is a better solution. I guess you could use the encrypt library for this.