Indeed.

> that suggests otherwise:

Except that it does no such thing. If you have passwords for defense in depth, they both exist for security reasons and it is a security problem to expose them (because you've just eliminated part of your depth.)

Defense in depth means that the problems of any one layer being violated are mitigated by additional layers of security, it doesn't mean it suddenly ceases to be a security problem if one of your measures is compromised. It just reduces the likely immediate severity of such a compromise, providing a greater chance of being able to effectively address it before it leads to an actual breach.