If you want to be that loose with the definition, passwords and private keys are "security through obscurity".

Giving people time to patch before releasing the details of how it can be exploited isn't a bad security practice.