
Intel's "redundant prefix issue"

Posted Nov 16, 2023 12:30 UTC (Thu) by yaap (subscriber, #71398)
In reply to: Intel's "redundant prefix issue" by pizza
Parent article: Intel's "redundant prefix issue"

Absolutely.

Common Criteria (CC) certification requires keeping the design confidential, for example. Why? Because it forces an attacker into reverse engineering the particular device design, which is not impossible but definitely costly. And this will deter many attackers, all those who cannot justify the effort. In most cases security is not a binary proposition; it's an economic equation between cost of attack and cost of defense. And then obscurity makes perfect sense as a way to increase the cost of attack.

Everybody agrees "security by obscurity" is bad for algorithms and protocols. These are long lived, and we want the most review possible to ensure strength and lasting protection.

But when it comes to a specific implementation, some amount of obscurity can be good, and can even be a requirement (see the CC spec).

For CC, I don't remember at which level it kicks in, but for EAL4+ and above design secrecy is a requirement for sure, with requirements on how to control access and enforce this too. So you want to do an EAL4+ system? You must show your offices are properly secured, for example, and that there are protections against tampering with the design over the whole chain, from design to manufacturing to production. And most of this must be confidential, with proper access control.

So yes, I wish people would stop pushing "security through obscurity = bad" as if it were insightful. First, when it applies (algos & protocols) it is no longer insightful; everybody knows. And then there are plenty of legitimate cases where it does NOT apply.



Intel's "redundant prefix issue"

Posted Nov 16, 2023 16:17 UTC (Thu) by Wol (subscriber, #4433)

+1

When I did some stuff like this, the security I designed (they didn't use it) was pretty rudimentary. But the logic was very simple:

"This stuff has an economic life of about 6 months. If it takes them six months to reverse engineer what we've done, the results will be worthless".

Yes, of course I built in all the security I could, with every *obvious* hardening trick I could think of. But at the end of the day, the stuff I was protecting wasn't worth throwing loads of money at.

Cheers,
Wol

