My main advice would be to obfuscate those identifiers in a way that you can use the semantics in the very specific system do want/intend to, but prevent the rest of the organization / systems / external world from using them for their own purposes. At the end of the day it's about not turning them into a public API (which means you lose control over them).
