Okay, in real life I need private addresses because I connect to things that are only available over IPv4. So there’s some negotiation to make sure that my private network does not have an addressing conflict with the other network, there are NATs in the way, and traceroute gives output that is every bit as bad as you would expect. The ACLs that everyone (arguably quite reasonably) sets up suck and are fiddly because the clients don’t have well-defined address ranges. When people allocate /24 subsets out of IPv4 private space, the probability of collision is annoyingly high. Amateur hour indeed.
I would take globally unique but “private” IPv6 addresses, over private links, with private routes (dynamic or static), and ACLs that actually make sense any day. Heck, I would happily go IPv6 only!
Private addresses offer no security benefit whatsoever. If you have no firewall, nothing at all prevents me from doing `ip route add 10.0.0.0/8 via your.routers.ip.here`.
IP is silly and refers to next hops by IP address, which fundamentally makes very little sense, because IP routing actually works by sending packets toward either whatever is on the other end of a point-to-point link irrespective of its address or toward a certain destination on a certain link, where that destination is addressed by a link-specific address (generally a MAC address). In common usage, the sole purposes of a next hop IP address are to identify the link (implicitly, while configuring the route) and to tell the router what IP address to ask for via ARP / neighbor discovery so it can actually route there.
With that in mind you are (on Linux, anyway) very much prevented from this particular mucking around:
```
$ sudo ip route add 1.2.3.4/32 via 5.6.7.8
Error: Nexthop has invalid gateway.
```
Because it's not actually possible to route a packet via a host that isn't locally reachable.
You can try to send packets using various encapsulation schemes to try to convince an intermediate router to decapsulate the packet and forward it to an attacker-controlled address, and someone manages to pull this off every now and then. Actually getting the evil packets in question to traverse the public Internet can be challenging but is not necessarily impossible. So the actual point stands -- relying on a private IPv4 address range to be unreachable by the general public merely by virtue of being private and without using an ACL is a mistake.
(a) addresses that are globally unique but not globally routable. (These are extremely common in IPv6. These are not so common in IPv4 because IPv4 addresses are expensive, so people try to minimize usage, so people will try to avoid using paid-for globally unique addresses for non-routable purposes.)
(b) addresses that are in ranges that are, per spec and actual usage, only even defined within an organization and are not globally unique. For example, 192.168.0.1.
(a) and (b) are not the same by any useful definition. Sorry.
The difference becomes apparent when you connect or combine organizations using the same private range. It's a lot simpler to route networks (not globally, privately) when the ranges are unique. There are no NATs, double NATs, and other nonsense to deal with.
Even without this, it's a lot simpler administratively. I have about 20 AWS accounts, all with their own VPCs, all using the same 10.0.0.0 block because... well... nobody thought about this. What do I do if they need to communicate? (They probably won't, but...)
Anything else is amateur hour madness.
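To put numbers on the collision and overlap points raised in this thread, here is an added example (not code from any of the commenters). It assumes prefixes are chosen uniformly at random, which is a best case for IPv4 since real deployments cluster on a few popular ranges, and it uses RFC 4193 unique local addresses as one instance of "globally unique but not globally routable"; the account names and CIDRs are constructed sample data.

```python
import ipaddress
import itertools
import math
import secrets

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def rfc1918_slots(prefixlen=24):
    """Count the distinct /prefixlen subnets that fit in RFC 1918 space."""
    return sum(2 ** (prefixlen - net.prefixlen) for net in RFC1918)

def collision_probability(picks, slots):
    """Birthday bound: P(at least two of `picks` uniform choices coincide)."""
    if picks > slots:
        return 1.0
    # Sum logs so tiny probabilities (the IPv6 case) do not round to zero.
    log_all_distinct = sum(math.log1p(-i / slots) for i in range(picks))
    return -math.expm1(log_all_distinct)

def random_ula_prefix():
    """Random /48 inside fd00::/8 with a 40-bit Global ID (RFC 4193 layout).

    Assumption: the Global ID comes from the OS CSPRNG rather than the
    hash-based procedure the RFC suggests; the resulting layout is the same.
    """
    global_id = secrets.randbits(40)
    return ipaddress.IPv6Network(((0xFD << 120) | (global_id << 80), 48))

def find_overlaps(cidrs_by_name):
    """Return every pair of names whose networks overlap."""
    nets = {n: ipaddress.ip_network(c) for n, c in cidrs_by_name.items()}
    return [(a, b) for a, b in itertools.combinations(nets, 2)
            if nets[a].overlaps(nets[b])]

# Constructed sample: four accounts, three of them inside the same 10.0/16.
SAMPLE_VPCS = {"acct-a": "10.0.0.0/16", "acct-b": "10.0.0.0/16",
               "acct-c": "10.0.128.0/20", "acct-d": "172.31.0.0/16"}

if __name__ == "__main__":
    v4, v6 = rfc1918_slots(24), 2 ** 40
    for n in (20, 100, 300):
        print(f"{n:>3} networks: IPv4 /24 {collision_probability(n, v4):.4f}"
              f"  ULA /48 {collision_probability(n, v6):.2e}")
    print("example ULA prefix:", random_ula_prefix())
    print("overlapping VPCs:", find_overlaps(SAMPLE_VPCS))
```
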