There always is the risk that GUIDs are only unique if the network cards generating them have unique ids. They're supposed to but not if they're clones!

The scenario of generating ids on the client without the need for round trips is addressed more easily by giving each client an unique integer id (I assume that you know who the clients are - not just anonymous access) and concatenate that with the client's internally generated unique integer ids for each object. That gives, at worst, 8 bytes instead of 16, provides an audit trail identifying the originating client and is human readable.

I see human readability as a major disadvantage of GUIDs - they make debugging and issue investigation a nightmare!