But that's not really due to using a small $e$ rather, it is due to not applying a proper padding. Actually, with RSA as you describe, there is a problem with a very small $e$: if you use $e = 3$ and encrypt the very same message $m$ with three distinct public keys, then an attacker can recover $m$. On the other hand, there is no problem in having a small $e$, down to $e = 3$. The accepted wisdom is that trying to get a $d$ much smaller than $n$ is a bad idea for security. On a more general basis, if the size of $d$ is lower than 0.29 times the size of $n$ (in bits) then there exists an efficient key recovery attack. Solution \\Python answer pow (101, 17, 22663) RSA Starter 2 Encrypt the number 12 using the exponent e 65537 and the primes p 17 and q 23.
If it is very small then an attacker can simply try values for $d$ exhaustively. This is the recommended padding algorithm for RSA encryption. It provides probabilistic encryption and is proven secure against several attack types. $n$ is public (by construction) so $d$ must be kept private at all costs. OAEP (Optimal Asymmetric Encryption Padding) is a padding scheme defined in RFC 3447. That being said, $d$ is the 'private exponent' and knowledge of $d$ and $n$ is sufficient to decrypt messages. First I must state that a secure RSA encryption must use an appropriate padding, which includes some randomness.
