There is nothing unique to that ID which would make it any more confidential than any other randomly-generated boot identifier. That is to say, if you use it in a way that turns it into sensitive material, then exposing it is of course a bad idea. If all you're using it for is checking if the machine has rebooted, then there's no reason it needs to be secret. It is generated by the kernel completely randomly.
From lib/uuid.c in the Linux kernel, the following function is used to obtain random UUIDs:

    void generate_random_uuid(unsigned char uuid[16])
    {
    	get_random_bytes(uuid, 16);
    	/* Set UUID version to 4 --- truly random generation */
    	uuid[6] = (uuid[6] & 0x0F) | 0x40;
    	/* Set the UUID variant to DCE */
    	uuid[8] = (uuid[8] & 0x3F) | 0x80;
    }
    EXPORT_SYMBOL(generate_random_uuid);

The kernel uses this function to generate a random UUID the first time kernel.random.boot_id is read and saves the result, returning it for any subsequent reads for the duration the system is up.
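
The reboot check mentioned above, as an added example that is not part of the original answer or of the kernel source: it parses a saved and a current boot ID, confirms both carry the version 4 and DCE variant bits that generate_random_uuid() sets, and compares them. The function names are hypothetical and the default saved UUID is a constructed sample.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Parse "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" into 16 bytes; 0 on success. */
int parse_uuid(const char *s, unsigned char out[16])
{
	int n = 0;
	for (int i = 0; i < 36; i++) {
		if (i == 8 || i == 13 || i == 18 || i == 23) {
			if (s[i] != '-') return -1;
			continue;
		}
		if (!isxdigit((unsigned char)s[i])) return -1;
		int c = tolower((unsigned char)s[i]);
		int v = c <= '9' ? c - '0' : c - 'a' + 10;
		/* High nibble first, then OR in the low nibble. */
		out[n / 2] = (unsigned char)((n % 2) ? (out[n / 2] | v) : (v << 4));
		n++;
	}
	return (s[36] == '\0' || s[36] == '\n') ? 0 : -1;
}

/* Bits fixed by generate_random_uuid(): version 4, DCE variant. */
int is_random_v4(const unsigned char u[16])
{
	return (u[6] & 0xF0) == 0x40 && (u[8] & 0xC0) == 0x80;
}

/* 1 = rebooted since `saved`, 0 = same boot, -1 = malformed input. */
int rebooted_since(const char *saved, const char *current)
{
	unsigned char a[16], b[16];
	if (parse_uuid(saved, a) || parse_uuid(current, b)) return -1;
	if (!is_random_v4(a) || !is_random_v4(b)) return -1;
	return memcmp(a, b, 16) != 0;
}

int main(int argc, char **argv)
{
	char cur[64] = "";
	FILE *f = fopen("/proc/sys/kernel/random/boot_id", "r");
	if (!f || !fgets(cur, sizeof cur, f)) { perror("boot_id"); return 2; }
	fclose(f);
	/* argv[1]: boot ID saved earlier; the default is a constructed sample. */
	const char *saved = argc > 1 ? argv[1] : "3f2b8c1e-9a4d-4e6f-8b7a-0123456789ab";
	int r = rebooted_since(saved, cur);
	printf("%s\n", r < 0 ? "malformed" : r ? "rebooted" : "same boot");
	return r < 0 ? 2 : 0;
}
```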