This isn't an "instead of doing things 'right'". Like I said, it's only valid as one component of a broader strategy.
You might have a point if someone had ever made a perfect scheme, but everything that seems to have attracted attention has been broken AFAICT.
So, a moat around a castle does help. Calling it good after digging a moat and not building any walls is probably less useful than doing nothing. The moat is only useful in the broader context.
Conversely, sometimes the obscurity layer will obscure the issues not just from others, but also yourself.
I worked for a thin client vendor years ago that was obsessed with encrypting our boot image etc, and poured all our resources into that. Which lead to encryption that was still trivial to work around, and a lot of other real security issues were never dealt with because we were fixated on the ineffective obscurity layer.
You might have a point if someone had ever made a perfect scheme, but everything that seems to have attracted attention has been broken AFAICT.
So, a moat around a castle does help. Calling it good after digging a moat and not building any walls is probably less useful than doing nothing. The moat is only useful in the broader context.