The spec says:

However, the user agent MUST NOT use the MSISDN as the telephony service id.

This should be in the security and privacy considerations section of the spec, and it should be expanded to explain why it would be a bad thing to do that.

It is not for security reasons, but because it cannot guarantee uniqueness. We discussed this topic on the F2F.

Ah, ok. Will add that :)