> There's something to the idea of rehabilitating "obscurity", or at least recognizing that "cost" is part of threat models, and you can raise costs for particular attack vectors by degrees instead of "to infinity".

Exactly! Especially when you can create a high cost asymmetry, low-cost for you to add, high cost for the attacker to bypass.

Agree that the SSH examples aren't the best. I would have picked DRM.