I'm actually working on a project involving large numbers of unique codes. While we're actually going with the random system and a web service to do lookups for the end point system, that approach can introduce a lot of cost and risk.
Perhaps they want the redemption side to not be reliant upon a backend code lookup and validation system (due to uptime, performance, etc...). Perhaps they thought no one would break it, and that would save them from having to build a high availability, low latency, high throughput, lookup system with some amazingly large database tables.
But doesn't it require a live validation system anyway? Otherwise, your friend could reuse your code.
And, uh, redeeming an iTunes gift card ain't much use if the iTunes store is down. Also, I don't see why the system would have to be particularly low latency or high throughput.
Perhaps they want the redemption side to not be reliant upon a backend code lookup and validation system (due to uptime, performance, etc...). Perhaps they thought no one would break it, and that would save them from having to build a high availability, low latency, high throughput, lookup system with some amazingly large database tables.