> Some people still argue that security by obscurity works and hide everything. I doubt that.
Most things involving security also use and greatly care about obscurity of implementation. The principle is that the security should not "rely solely" on obscurity, not that obscurity has no benefits.
Usually, making software such that one can have a high confidence of it being secure is not economical. One relies on being harder to break than the competition, for which obscurity can be a big deal, and on offloading or mitigating damage when flaws are inevitably exploited anyway.
Most things involving security also use and greatly care about obscurity of implementation. The principle is that the security should not "rely solely" on obscurity, not that obscurity has no benefits.
Usually, making software such that one can have a high confidence of it being secure is not economical. One relies on being harder to break than the competition, for which obscurity can be a big deal, and on offloading or mitigating damage when flaws are inevitably exploited anyway.