What is the security risk of making a user ID guessable? The user ID should generally be irrelevant to the client, so simply don't expose it (avoid sending it to the client, even as a "hidden" field or parameter). Where it is necessary to use it, take it from the session.
Making user IDs harder to guess doesn't add security, it adds obscurity. Focus on building a secure system first.
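
As an added illustration (not part of the original answer), the sketch below puts a handler that trusts a client-sent `user_id` beside one that takes the ID from server-side session state. The handler names, the in-memory session table and the sample profiles are all hypothetical and constructed for this example.

```python
import secrets

# Constructed sample data: sequential, easily guessed user IDs.
PROFILES = {
    1: {"name": "alice", "email": "alice@example.test"},
    2: {"name": "bob", "email": "bob@example.test"},
}

# Server-side session table: opaque random token -> user ID.
SESSIONS = {}


def login(user_id):
    """Create a session after authentication (the credential check is omitted here)."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user_id
    return token


def profile_from_client_id(request):
    """Weak: trusts a user_id sent by the client (hidden field, query parameter)."""
    if request.get("session") not in SESSIONS:
        return 401, None
    # Authenticated, but never checked that the ID belongs to this session.
    return 200, PROFILES.get(int(request["params"]["user_id"]))


def profile_from_session(request):
    """Corrected: the user ID comes only from server-side session state."""
    user_id = SESSIONS.get(request.get("session"))
    if user_id is None:
        return 401, None
    # Any user_id in request["params"] is ignored.
    return 200, PROFILES[user_id]


def demo():
    alice = login(1)
    # Alice's request with the hidden field changed from 1 to 2.
    tampered = {"session": alice, "params": {"user_id": "2"}}
    return profile_from_client_id(tampered), profile_from_session(tampered)


if __name__ == "__main__":
    weak, fixed = demo()
    print("client-supplied ID:", weak)
    print("session-derived ID:", fixed)
```

With the session-derived handler, whether the IDs are sequential or random makes no difference to what a logged-in user can read.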