I agree it's often motivated by security reasons, but it's of rather questionable effectiveness. Don't put confidential information in the DNS, ever.
Re the Valve case: this could also have been found with a simple IP range port scan, or a bunch of other ways. In the end it was just a server in the network with no access control configured and they happened to spot it in the DNS records first.
"In the port scan logs, I found an interesting server which was in Valve's network range from another corporation named Tangis that specialised in wearable computing devices," he says.
Also, in the modern world, you can see the web servers in a domain in the public cert transparency logs.