That could be, although I'd guess obscurity in this case might reduce the likelihood of random mentally ill people minor threats, and also reduce the likelihood of being the chosen target of some more capable terrorist threat.
(Even random mentally ill people are likely to have access to firearms, and maybe heavy vehicles.)
Before cloud got big, I used to have a personal physical server colocated at a network facility, in a nondescript commercial building that you had to know was there, and turn off the main street to get to, with no signage I could see. (Also, biometrics scanners, when those weren't consumer things, and a waiting room that seemed to securely lock in visitors, in view of guards.)
I'd previously heard of non-government buildings without signage, for security reasons, so I figured that was it. Rather than not wanting to spend the money on a sign that would make it easier for customers to physically find, increase brand awareness, or raise their prominence in the minds of local officials before whom they might occasionally have business.
And, over time, you hear of other non-government unmarked buildings that are arguably "sensitive", for one reason or another. The ones that personally come to mind, historically that type has been threatened before (by, e.g., people angry at a company that they blame for automating away jobs, people who saw a movie involving blowing up records of bank loans and think that will work in real life, animal rights activists who want to free lab animals (and didn't see that other movie), eco-terrorists, people who are are mentally ill and found something conveniently located to fixate on). Maybe also no need to invite protestors?
Once went to visit a Raytheon technical support guy in his office. He made a point that it was 'hard to find' and there 'were no signs'. And he was right. Drive to a building. Park. List of business but not Raytheon. Go through a door that looks like it should be locked. Down a hall to the end. Open a door that looks like a utility closet and there is their office.
Company Policy.
Old office in SF two floors were a banking operation. They weren't on the signage. And you'd get in the elevator with people that worked on those floors and they would stand silently despite obviously knowing each other. Double set of doors on those two floors.
I think you're right about obscurity preventing a lot of low-grade issues.
There's an interesting building right in downtown Minneapolis that takes up an entire block that I'd passed several times a week for years without even noticing it—it's the operations center for Wells Fargo (and actually it just recently has been sold).
Zero signage and very nondescript, but when I found out what it was some of the physical security around it started to become super obvious. Big bollard "planters" and protection from large vehicles, a lot of cameras, no real obvious lobby.
Dead on.
Another good example is the London Stock Exchange; they have a really nice office downtown that is something of a magnet for protests, but I used to work around the corner from their data centre , and it was in a very scruffy , anonymous building with dirty windows, just an unusual number of cameras and stuff on the roof.
> security by obscurity is weak for actual security
There was a time when I believed this. But over the years, I've concluded that in many cases, that which is considered legitimate security is in fact rooted simply in ensuring that the attacker is lacking information, which is fairly synonymous with obscurity.
Secrecy is a core part of legitimate security. But mere obscurity is not secrecy. In a secure system design you know exactly which parts are secret and which are not.
Yes, ideally this distinction can be made. But a piece of information you consider secret, if known by more than exactly one person, is merely obscure information.
Digital distribution and cloud apps lowered the cost to correct mistakes and therefore lowered the barrier to release.
No longer are developers bound by physical media, or have to force clients to troubleshoot, manually download updates on their website and install them.
... and as others said, LLMs impact is greater on junior developers, and at that, more on speed than quality. For experienced developers, the impact is greater on speed.
That creates distrust in me, so I swapped to BitWarden and haven't looked back.