Angelina ok, so i don't know what your schedule is like, but i wouldn't have the time to test 999,999 combinations ๐
It is 1000000. But that is just nitpicking. The more important point is that it is more than the number of combinations of a typical European โsecurityโ door lock and probably orders of magnitude than any kind of small padlock that is used on CBs. Granted, you need some kind of tool to brute force a pin tumbler lock, but on the other hand if you have such a tool you do not have to try all the combinations and can โfeelโ for the correct one (due to finite manufacturing tolerances). Obviously mechanical combination locks have the same issue, but the tolerances that are required to make that really hard are somewhat easier to achieve.
On the third hand, lock of CB has to be reasonably small, which limits the security of the lock which makes the pin tumbler the only choice that makes sense.
And then somewhat obviously, for this application the security level is probably not that relevant. The attacker is either the wearer or some other person who can be reasonably assumed to not have much knowledge about security of the thing. And even ignoring that, the risk profile is about detection and deterrence by possible punishment, which can in the extreme case can be solved by tamper-evident seals (current state of the art in this seems to involve glitter nail polish).