It depends on the level of security you require. Basically, your security should be so good that you do not rely on "security through obscurity." You should simulate each threat, understand it and develop an impregnable defense.
In real life, this is a little harder to achieve, and the focus is on what is commonly called "security in depth." In other words, you are doing your best to have an impregnable defense, but if some simple disciplines make things more difficult for your attacker, you will be sure to make that effort as well. There is much evidence that the first step in any attack is to attempt to enumerate the technology you are using. Then, if there are any known exploits for this technology, the attacker will try to use them. In addition, if an exploit becomes known, attackers will look for potential victims by searching for the signature of the compromised technology.
Identifying the TCM URIs in your public circulation is as useful as telling the attacker that you are using Tridion. So, in this respect, the SiteEdit code is exposed. If you use Tridion, it is not necessary to do any of this. You can simply display a website that does not provide any information about its implementation. (The ability to avoid providing these tips will be a tough requirement for many large organizations choosing WCMS, and the strength of Tridion in this regard may be one of the reasons why the organization you work for chose to use it.)
Thus, while there is nothing in the TCM URI that in itself causes a security problem, it unnecessarily provides information to potential attackers, so yes, it is a security problem. Financial institutions, government organizations, and large corporations generally expect you to make a clean implementation that does not help the bad guys.
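A pre-publish check for the leak described in the answer above, as an added example that is not part of the original post or of any Tridion tooling: it scans rendered HTML for TCM URIs and for HTML comments that mention SiteEdit. The URI pattern (`tcm:<publication>-<item>[-<type>][-v<version>]`), the SiteEdit comment text, the function name `find_cms_leaks` and the sample page are assumptions constructed for illustration.

```python
import re

# Assumed TCM URI shape: tcm:<publication>-<item>[-<item type>][-v<version>]
TCM_URI = re.compile(r"\btcm:\d+-\d+(?:-\d+)?(?:-v\d+)?\b", re.IGNORECASE)
HTML_COMMENT = re.compile(r"<!--(.*?)-->", re.DOTALL)


def _line_of(html, offset):
    """1-based line number of a character offset in the page."""
    return html.count("\n", 0, offset) + 1


def find_cms_leaks(html):
    """Return sorted (line, kind, text) tuples for markup that reveals the CMS."""
    findings = []
    for m in TCM_URI.finditer(html):
        findings.append((_line_of(html, m.start()), "tcm-uri", m.group(0)))
    for m in HTML_COMMENT.finditer(html):
        # Editing markup left in published output; matched on the product
        # name only, since the exact comment format is an assumption here.
        if "siteedit" in m.group(1).lower():
            snippet = m.group(1).strip()[:60]
            findings.append((_line_of(html, m.start()), "siteedit-comment", snippet))
    return sorted(findings)


# Constructed sample of published output (not taken from a real site).
SAMPLE_PAGE = """<html><body>
<!-- Start SiteEdit Component Presentation: {"ID":"tcm:5-1234"} -->
<div id="news" data-page-id="tcm:5-987-64">Quarterly results</div>
<a href="/about.html">About</a>
</body></html>"""

if __name__ == "__main__":
    for line, kind, text in find_cms_leaks(SAMPLE_PAGE):
        print(f"line {line}: {kind}: {text}")
```

Run against the publishing target's output directory as a build gate, it fails the publish when any finding is returned.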