I’m putting drafts-in-progess of a book on my website so that invited friends can check it out and criticise.
In order to avoid the hassle of login and passwords, I’m simply putting it in a subdirectory with an unguessable name, so that random visitors and robots won’t encounter it by chance,
for example: www.mydomain.com/xqxqx/
But it would be much cooler to give it a subdomain with an unguessable name,
for example: xqxqx.mydomain.com/
Is this safe, or is there some way that random visitors (or robots, for that matter) could discover systematically what subdomains exist in a domain?