About

Security Through Obscurity (STO) is the belief that a system of any sort can be secure so long as nobody outside its implementation group is allowed to find out anything about its internal mechanisms. Hiding account passwords in binary files or scripts on the presumption that “nobody will ever find them” is a prime case of STO.
STO is a pejorative referring to a principle in security engineering, which attempts to use secrecy (of design, implementation, etc.) to provide security. It’s a philosophy favoured by many bureaucratic agencies (military, governmental, and industrial), and it used to be a major method of providing “pseudosecurity” in computing systems.
A system relying on security through obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that the flaws are not known and that attackers are unlikely to find them. The basis of STO has always been to run your system on a “need to know” basis: if a person doesn’t know how to do something that could impact system security, then they aren’t dangerous. The technique stands in contrast with security by design.
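The password-in-a-binary case above is worth seeing concretely. The following is an added example, not code from the original page: a small scanner of the kind a build pipeline runs over its own artifacts, which recovers a "hidden" credential from a constructed sample binary using nothing more than the printable-string heuristic of the classic `strings` tool, alongside the security-by-design alternative of injecting the secret at runtime. The sample artifact, the `DB_PASSWORD` variable name and all thresholds are assumptions for illustration.

```python
import math
import os
import re
from typing import List, Mapping, Tuple

# Runs of 8+ printable ASCII bytes: the same heuristic the classic `strings` tool uses.
STRING_RE = re.compile(rb"[\x20-\x7e]{8,}")
# Assignments that look like credentials: password=..., api_key: "...", token=...
CRED_RE = re.compile(r"(?i)(pass(word)?|secret|api[_-]?key|token)\s*[=:]\s*['\"]?([^\s'\"]{6,})")


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking tokens score near log2(len(set(s)))."""
    if not s:
        return 0.0
    return -sum((n / len(s)) * math.log2(n / len(s))
                for n in (s.count(c) for c in set(s)))


def find_embedded_secrets(blob: bytes) -> List[Tuple[str, str]]:
    """Scan an arbitrary binary or script for printable strings that look like
    baked-in credentials. Returns (reason, string) pairs."""
    findings = []
    for match in STRING_RE.finditer(blob):
        s = match.group().decode("ascii")
        if CRED_RE.search(s):
            findings.append(("credential assignment", s))
        elif len(s) >= 24 and " " not in s and shannon_entropy(s) > 4.0:
            findings.append(("high-entropy token", s))
    return findings


def load_db_password(env: Mapping[str, str] = os.environ) -> str:
    """Security-by-design alternative: the secret lives outside the artifact and
    is injected at runtime (an env var here; a secret manager in production)."""
    value = env.get("DB_PASSWORD")
    if not value:
        raise RuntimeError("DB_PASSWORD not set; refusing to fall back to a baked-in default")
    return value


# Constructed sample artifact (hypothetical): a fake ELF header, padding, a
# baked-in password, a harmless usage string and a random-looking token.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 16
    + b"db_password=Winter2024!\x00"
    + b"Usage: tool [options]\x00"
    + b"q7Zr2pL9xK4mW8nV3bT6yH1j\x00"
)

if __name__ == "__main__":
    for reason, text in find_embedded_secrets(SAMPLE_BINARY):
        print(f"{reason}: {text}")  # the 'hidden' password is recovered in one pass
```

Run over a real build output, a single hit of the first kind is the whole argument against STO: obscurity cost the attacker one pass over the file, while the runtime-injected secret never appears in the artifact at all.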
