Note that resistance against collisions is not a minor problem (and specially not the resistance against predictable collisions): see how this caused severe security problems on the Internet, allowing time-based side-channel attacks to reveal private data with littel efforts (for example the leakage of private data by implementation bugs in processors for managing its internal caches or for allocating internal computing units shared by concurrent threads or processes; similar leakage also occured in web services, allowing external attacks to spy on other users of the service, such as detecting their presence or actions in the service or finding their access passwords or other private data, or to create collisions to attack network protocols with specially crafted usage of the service by malicious third parties, using side-channels that are difficult to detect but were acting like "man-in-the-middle" spiers; some of these defects did not require any user action from the owner of the private data or any intrusion in the service or direct or indirect cooperation by a worker or manager of the service).
All hash tables (in Lua or any other language or system) are good candidates for such attacks trying to predict the collisions detectable by time-based side-channel attacks. It should be remembered that hash tables are used instead of lookups only as an optimization that works well for 95% of initial cases, but that may be abused later for the remaining 5% of cases (notably worst cases). This consideration applies to all other optimization technics (notably the implementation of caches, many of them also using hash tables internally, the situation becoming even worse when the cache uses a simple but poor "cache eviction policy", such as LRU).
