That would mean each salt is about 36 bits. If you create 2^18=262k folders in your lifetime using the same algorithm and same password, there's a 50% chance one of the salts is dup'd.

Maybe we can wave this as good enough, but cryptography usually has higher standards.

These don’t refer to individual directories, only top level syncthing folders. Nobody in their lifetime is making even 1000 of these.