Project ideas from Hacker News discussions.

Bucketsquatting is (finally) dead

📝 Discussion Summary

1. Bucket names must be globally unique (or at least account‑scoped) to stop “squatting” attacks

“If you mean to use a secret prefix (i.e. pepper) then, that would generate effectively globally unique names each time (and unpredictable too) …” – xxs
“I think a better policy would be to disallow bucket names that follow the account regional namespace convention, but don’t match the account id indicated in the name.” – JoBrad

2. Cloud providers’ naming rules are a major pain point

“A single pool of unique names for storage accounts across all customers has been a very large source of frustration, especially with the really short name limit of only 24 characters.” – vhab
“The naming restrictions and maximum name lengths are all over the place.” – mwalser
“S3 was well aware of the pain … and even the idea of this kind of scale of operation wasn’t seen as remotely probable.” – Twirrim

3. Bucket names are public, so treating them as secrets is risky and often impractical

“If your bucket name is ever exposed and you later delete it, then this doesn’t help you.” – why_only_15
“I started treating long random bucketnames as secrets years ago.” – INTPenis
“Buckets are also user‑facing resources, and nobody likes random directory / bucket names.” – Galanwe
“The subdomains you use in DNS requests are not private; attackers can collect them from passive DNS logs.” – 8organicbits

