if user #1 is still an admin but with a different name you can just go to wpurl/?author=1 and if url rewriting is enabled you'll be redirected to wpurl/author/nicename and nicename is usually equal to the username
I don't think this adds the layer of security you think it does, merely a minor bit of obscurity. In context of the specific vector you reference, author={$user_id}, it probably doesn't do anything at all to protect you.
Not that there is anything wrong with adding a bit of obscurity, not using 'admin' as a username and using a non-privileged author for posts can go a long way.
However, if you are worried about someone getting your username from "author={$user_id}," using a user_id of 2,3,4,5, ect, probably isn't going to protect you. I think you are incorrectly assuming that the person that would use this method to get a username is going to stop if they get a 404 at #1(or even after just a single attempt.)
