> Come to think of it, backdoors are fundamentally "security by obscurity". Or insecurity through obscurity, depending on your POV.

This one is. But they aren't always.

For example, if a manufacturer put in a support/recovery backdoor, documented it, and utilised a secret that only the end user and manufacturer should know (e.g. something on the physical label), then that would be a backdoor while not relying on any obscurity for its security (or no more than a password does).

The biggest difference between a "good" backdoor and a "bad" one is if it is documented. If the manufacturer is too scared to document it then it likely sucks and they know it.

Knowing the Juniper Dual_EC_DRBG constants were fiddled with doesn't help you actually snoop, since working backwards to the generating constant is computationally unfeasible.

Similarly hardcoding someone's SSH public key isn't going to help anyone else gain access just by knowing it's there, is it?