Possibly. It looks like they've found a way to accurately 'guess' the codes Apple has already generated and distributed to be sold. The only thing for Apple to do now is recall the cards with the possibly compromised numbers and re-issue new ones with a randomly generated number.
This reminds me of when Vista came out. Someone found a way to get legitimate activation keys to activate their pirated copies, which meant that people buying them off of the shelf couldn't activate because that key was already used.
I'm actually working on a project involving large numbers of unique codes. While we're actually going with the random system and a web service to do lookups for the end point system, that approach can introduce a lot of cost and risk.
Perhaps they want the redemption side to not be reliant upon a backend code lookup and validation system (due to uptime, performance, etc...). Perhaps they thought no one would break it, and that would save them from having to build a high availability, low latency, high throughput, lookup system with some amazingly large database tables.
But doesn't it require a live validation system anyway? Otherwise, your friend could reuse your code.
And, uh, redeeming an iTunes gift card ain't much use if the iTunes store is down. Also, I don't see why the system would have to be particularly low latency or high throughput.
One advantage of, say, a hash function over (pseudo)random numbers is that the same input guarantees the same output. It doesn't seem that important in the case of gift cards, though.
Sounds like sloppy design.