The MAC address is a worse problem, honestly, than that they're not random. That means your database is leaking information about which host generated the UUID, which would be useful to someone trying to exploit a particular host.
Or if you have an application installed on personal machines, it's leaking identifying information about those machines.
This is true. I wish I could find the article but years ago I remember malicious hackers that were identified by law enforcement because their virus included some windows guids, which at the time included the Mac address.
Or if you have an application installed on personal machines, it's leaking identifying information about those machines.