I was sent this URL from Engadget about Google Voice URLs being visible within Google Search. I see this kind of thing happen all the time. When you think that your URL is secure because you’re the only one who knows it, you are treading down a very scary path. At minimum combine URL obfuscation with some user level credential to ensure the person is really in control of that account. This is literally security 101.
I’ve always been a fan of obfuscation personally - people who think it doesn’t work fail to see that things like passwords are themselves obfuscation. It’s just about the fact that obfuscation only works as long as you’re the only one who knows it. As soon as you publish that information on the web, it’s just a matter of time before it goes bad - and in Google’s case, time is usually months. Chalk this up to another bad design decision. Way to go cloud!