The idea of "Security Through Obscurity Kills People" as a bad thing is a very catchy phrase and great rhetoric. However it is also one of those statements which lowers the critical thinking and allows people to talk without producing stats or facts or demarcations of when a idea should apply or not apply.
For example we told repeatedly to use obscure passwords, lock our phones and tablets with 4 digit numbers, and even swiping-the-screen-gestures, bank account information is protected by numbers and password! And all this in most cases is an obscurity scheme, and that obscurity scheme is our single point of security failure before complete systems access.
"Heartbleed" was present in OpenSSL for over decade, out in the open and nothing detected. ...
You misunderstood the term "obscurity" in this context. Of course there is something that identifies some user (sth. he knows / sth. he has), but "security through obscurity" denotes practices of hiding the way authentication process is planned / implemented. This hiding usually at best makes no difference to the safety of the system, but often actually lowers it. One of the reasons is because it makes it harder for independent security researchers to review it.
Of course there are secrets in any access to a secure system. But they should be only those parts which are user specific (passwords, keys,...).
For example we told repeatedly to use obscure passwords, lock our phones and tablets with 4 digit numbers, and even swiping-the-screen-gestures, bank account information is protected by numbers and password! And all this in most cases is an obscurity scheme, and that obscurity scheme is our single point of security failure before complete systems access.
"Heartbleed" was present in OpenSSL for over decade, out in the open and nothing detected. ...
p.s. slightly off-topic, but can you accurately count the number of ball passes? https://www.youtube.com/watch?v=47LCLoidJh4