compromising the security of the secret
The secret is currently more secure than a private key. Even taking 10 bytes out of it, an attacker would need to mine the other information and is unlikely to be able to do it before the secret expires in a week, and even harder to do it until the person reveals it, often in a minute or so.
why not use a registry of known platforms?
We could do both: since we would not enforcing the hash, nothing prevents someone from picking just 0001.
But having a permission less registry could be very useful to tie the name towards an ens name. So the way it could be done would be: get the first 6 letters of the name hash and check if it’s in usage. If it is, then increase it by 1 until you find an empty slot. It could either be done by a common database or directly on chain in a new contract.