I may be totally missing something. Either way, I though I would share this and hopefully some developer can help me formulate a script to execute my idea.
I had an idea that I think would expose what I think is another snapchat privacy flaw, however this one may not be patchable without completely rethinking the way SnapChat functions. If I am correct, you could allow my script to run for a couple hours (or minutes depending on how well it is coded) and extract any snapchat user's phone number given their user name.
Here goes: When you add a user on snapchat, their user name will just appear as their username. However, once you add that person's number, snapchat locates their account and recognizes that you now have them added as a phone contact and as a snapchat contact, at that point it changes from displaying their name as their user name, to their name that you gave them as your contact list. (i.e. instead of "jnsmthr0x" it becomes "John Smith")
So. A script could allow you to enter the snapchat target's username, and given that snapchat is practically open source all it would need to do it keep entering a variation of numbers for a mock contact until snapchat change from displaying "jnsmthr0x" to "John Smith" and that would be the user's actual phone number. To simplify things a little bit, you could enter in which area codes the user may have. Assuming you know which area codes it could possibly be, you can run the program a few times trying each one, thus eliminating the first 3 digits and speeding up the process.
Again, I maybe totally off and this could be a stupid thought. But if not, and someone decides to help me code it (or codes it on their own), I kindly ask that I be given credit for the idea!