Why are bucket names not encrypted?

As a first step this can help, however it does not completely solve the underlying issue. And I think you even made it worse:

I just happened to be able to test on the test satellite and noticed that for some reason every new user now has a bucket called ‘demo-bucket’. Now that gives every ‘hacker’ a wonderful starting point where to look for potential data leaks.
I did not test this but it seems together with the default settings for creating Access Grants (which gives all permissions for all buckets) the ‘demo-bucket’ is included when a user creates an Access Grant with default permissions and therefore will be exposed automatically.

So whenever I get to see a StorJ DCS linkshare publically shared, I can try out if bucket ‘demo-bucket’ is accessible and what data it contains. I don’t think this is how it should be.