Agreed. Thanks for bringing the loophole into picture. This is a big leak, and I hope the vaahan team notices it and fixes the same. The details you mentioned are enough to fetch the data from Digilocker.
This would enable anyone to have the copy of your RC with them, and even for stolen cars, they would be able to show the data using DigiLocker.