The good news is that it looks like Google has already fixed it via a patch. According to Google, “This commit restricts access to this system property to cameraserver and dumpstate and shell SELinux domains. Test: Camera works, serial number property still available via ADB, but not readable by apps.”
In case you’re wondering what the big deal is, the serial number essentially identifies phones individually. It could be used to pinpoint your phone specifically and also track you, which is clearly not good for both security and privacy reasons. It seems that with this patch, it will restrict access to the serial number and prevents other apps from accessing it.
It has been tested and it appears to work. This patch is expected to be part of the upcoming January security update which should be released soon, so Pixel owners will want to keep an eye out for it, especially if you value your privacy and security.