Wishlist by CustomerID - not good idea

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
15 years ago
You allow users to access the wishlist like this:
http://localhost:51385/sitename/Wishlist.aspx?CustomerID=38
Not a good idea, because I can access any wishlist in your database just by changing CustomerId in the URL.
So I can check how many customers you have, or write a simple page that will download all your customers' info (names & e-mails) :(
15 years ago
Yes, you are right. We should replace CustomerID with CustomerGUID.
15 years ago
And here is my next question. I downloaded the latest version and there are some problems with it (like the one with the wishlist). Is there a place where you list all these small things and post files to change or fixes, so people will be able to make fixes before the next release? Or do I have to wait for the next release / try to fix it myself?
15 years ago
We plan to create a bug tracking application. But for now they have to wait for the next release.
15 years ago
Here's the source code for the wishlist page that uses CustomerGuid instead of CustomerID:

public partial class WishlistPage : BaseNopPage
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Wishlist contents are per-customer: never let a shared cache serve them.
        Response.CacheControl = "private";
        Response.Expires = 0;
        Response.AddHeader("pragma", "no-cache");

        if (!SettingManager.GetSettingValueBoolean("Common.EnableWishlist"))
            Response.Redirect("~/Default.aspx");

        if (!Page.IsPostBack)
        {
            CommonHelper.EnsureNonSSL();

            // Look the customer up by the random GUID from the query string, not by the sequential CustomerID.
            Customer customer = CustomerManager.GetByCustomerGUID(this.CustomerGUID.HasValue ? this.CustomerGUID.Value : Guid.Empty);
            if (customer != null)
            {
                // A valid shared GUID shows that customer's wishlist read-only.
                lblTitle.Text = string.Format(GetLocaleResourceString("Wishlist.WishlistOf"), Server.HtmlEncode(customer.FullName), Server.HtmlEncode(customer.Email));
                CustomerSession customerSession = CustomerSessionManager.GetByCustomerID(customer.CustomerID);
                if (customerSession != null)
                    ctrlWishlist.CustomerSessionGuid = customerSession.CustomerSessionGUID;
                ctrlWishlist.IsEditable = false;
                ctrlWishlist.BindData();
            }
            else
            {
                // No (or unknown) GUID: show the visitor's own, editable wishlist.
                lblTitle.Text = GetLocaleResourceString("Wishlist.YourWishlist");
                if (NopContext.Current.Session != null)
                    ctrlWishlist.CustomerSessionGuid = NopContext.Current.Session.CustomerSessionGUID;
                ctrlWishlist.IsEditable = true;
                ctrlWishlist.BindData();

                if (NopContext.Current.User != null)
                {
                    lblYourWishlistURL.Visible = true;
                    lblYourWishlistURL.Text = string.Format(GetLocaleResourceString("Wishlist.YourWishlistURL"), CommonHelper.GetStoreLocation(false) + "Wishlist.aspx?CustomerGUID=" + NopContext.Current.User.CustomerGUID.ToString());
                }
            }
        }
    }

    // Parses the CustomerGUID query-string parameter; null when absent or malformed.
    public Guid? CustomerGUID
    {
        get
        {
            return CommonHelper.QueryStringGUID("CustomerGUID");
        }
    }
}
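The contrast the thread is about, as an added example that is not part of the original post and not nopCommerce code: the same wishlist lookup done once by the sequential CustomerID (where a neighbouring record is reached by changing one digit) and once by a random CustomerGUID, plus a small resolver that mirrors the page's branching (shared GUID found: read-only view of that customer; otherwise the visitor's own editable wishlist and a share URL). Names, the sample customers and the dictionary "database" are constructed for this demo.

```python
# Constructed example (not nopCommerce code): sequential CustomerID lookup
# versus random CustomerGUID lookup for a shareable wishlist page.
import uuid
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Customer:
    customer_id: int          # sequential database key, easy to guess
    customer_guid: uuid.UUID  # random public handle, not derivable from the ID
    full_name: str
    email: str


def new_customer(customer_id: int, full_name: str, email: str) -> Customer:
    # uuid4 draws 122 random bits from os.urandom. Never derive the GUID from
    # the integer ID, the e-mail, or anything else an outsider can reconstruct.
    return Customer(customer_id, uuid.uuid4(), full_name, email)


# Constructed sample customers with consecutive IDs, as in the thread.
CUSTOMERS = [
    new_customer(37, "Alice Example", "alice@example.test"),
    new_customer(38, "Bob Example", "bob@example.test"),
    new_customer(39, "Carol Example", "carol@example.test"),
]
BY_ID: Dict[int, Customer] = {c.customer_id: c for c in CUSTOMERS}
BY_GUID: Dict[uuid.UUID, Customer] = {c.customer_guid: c for c in CUSTOMERS}


def lookup_by_id(param: Optional[str]) -> Optional[Customer]:
    """The original Wishlist.aspx?CustomerID=38 pattern: any integer in range hits."""
    try:
        return BY_ID.get(int(param))
    except (TypeError, ValueError):
        return None


def parse_query_guid(param: Optional[str]) -> Optional[uuid.UUID]:
    """Analogue of CommonHelper.QueryStringGUID: None when absent or malformed."""
    if not param:
        return None
    try:
        return uuid.UUID(param)
    except ValueError:
        return None


def lookup_by_guid(param: Optional[str]) -> Optional[Customer]:
    """Wishlist.aspx?CustomerGUID=...: only the holder of the exact token gets a hit."""
    guid = parse_query_guid(param)
    return BY_GUID.get(guid) if guid is not None else None


def resolve_wishlist(query: Dict[str, str], current_user: Optional[Customer]) -> dict:
    """Mirror the page's branching: a valid shared GUID shows that customer's
    wishlist read-only; otherwise the visitor sees their own, editable one."""
    owner = lookup_by_guid(query.get("CustomerGUID"))
    if owner is not None:
        return {"owner": owner.customer_id, "editable": False, "share_url": None}
    share_url = None
    if current_user is not None:
        # The share link is a bearer capability: whoever holds it can view the list.
        share_url = "Wishlist.aspx?CustomerGUID=" + str(current_user.customer_guid)
    return {
        "owner": current_user.customer_id if current_user is not None else None,
        "editable": True,
        "share_url": share_url,
    }
```

The GUID fixes enumeration, not authorization: the link is still a bearer token, which is exactly what makes the share URL on the page useful. Treat those GUIDs as secrets (keep them out of shared caches and access logs where possible, and never generate them from the customer ID), and if a wishlist is ever meant to be private rather than shareable, check the logged-in user against the owner instead of relying on the token alone.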
15 years ago
Yes, this works well. Thanks!