in reply to Re: CGI filename race
in thread CGI filename race

The problem with just using very-low-possibility-of-collision filenames alone is that the filename alone doesn't guarantee that nothing else can create the file with the same name. You still need to use sysopen and O_CREAT|O_EXCL to atomically test-and-create to be sure that you're creating the file you expect.

If you'll learn and consistently use the secure idiom (or let mkstemp do it correctly for you) you'll save yourself from recreating any of the huge number of *NIX exploits of yore.

(For those not familiar with exploits of olden days, it was quite common for setuid programs to use a predictable temp file name but not to check if the file was present before clobbering its contents. It was then possible to (for example) symlink that predictable temp file to something vital (/etc/passwd) and get the contents overwritten which then allowed some sort of privilege escalation afterwards.)
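The idiom described in the post above, as an added example that is not part of the original post: an exclusive create with sysopen that refuses a name already taken by a symlink, followed by File::Temp's mkstemp doing the same job. The helper name create_exclusive, the file names and the scratch directory are assumptions constructed for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Errno ();
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Spec;
use File::Temp qw(tempdir mkstemp);

# Hypothetical helper: atomically create a new file in $dir.
# The random suffix only reduces collisions; O_EXCL is what makes it safe.
sub create_exclusive {
    my ($dir, $prefix, $tries) = @_;
    for (1 .. ($tries // 10)) {
        my $name = sprintf '%s.%d.%08x', $prefix, $$, int(rand(2**32));
        my $path = File::Spec->catfile($dir, $name);
        # O_CREAT|O_EXCL: test and create happen as one step, and the call
        # fails with EEXIST if the path exists, even as a dangling symlink.
        if (sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)) {
            return ($fh, $path);
        }
        die "sysopen $path: $!" unless $!{EEXIST};   # retry only on collision
    }
    die "could not create a unique file in $dir";
}

# Constructed scenario inside a private scratch directory.
my $dir    = tempdir(CLEANUP => 1);
my $target = File::Spec->catfile($dir, 'important.txt');
my $guess  = File::Spec->catfile($dir, 'predictable.tmp');

open(my $t, '>', $target) or die "open $target: $!";
print {$t} "do not clobber\n";
close($t) or die "close $target: $!";
symlink($target, $guess) or die "symlink: $!";   # the name is already taken

# The exclusive open refuses the pre-existing name instead of following it.
sysopen(my $bad, $guess, O_WRONLY | O_CREAT | O_EXCL, 0600)
    and die "unexpected: opened a pre-existing path";
print "refused $guess: $!\n";

open(my $check, '<', $target) or die "open $target: $!";
print "target still reads: ", scalar <$check>;

# Both of these create a fresh file or fail; neither reuses an existing one.
my ($fh1, $path1) = create_exclusive($dir, 'upload');
my ($fh2, $path2) = mkstemp(File::Spec->catfile($dir, 'cgiXXXXXX'));
print "created $path1 and $path2\n";
```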