Hacker News

Rate limiting doesn't solve anything, you can just parallelize your queries across IP addresses.




The whole "defense in depth" principle disagrees. Having a layered defense not only buys defenders time, but also downgrades attacks from 100% data exfiltration to <10%.

Increasing the barrier to entry from "trivial" to "less trivial" is always a good start.
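The exchange above argues that a per-IP limit is trivially spread across many source addresses, while stacked limits still cap the total that leaks. The following is an added example, not code from the thread, that makes the point concrete: a small limiter where every layer must admit a request, with a layer keyed on the resource itself acting as a global budget that switching IPs cannot dodge. The traffic pattern (50 source addresses in the 203.0.113.0/24 documentation range, 100 requests each, one API key per address), the window size and all limits are constructed assumptions.

```python
"""Layered rate limiting: a per-IP limit alone vs. stacked limits.

Added example for illustration; the class names, limits and the constructed
traffic below are assumptions, not any particular product's behaviour.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Request:
    ip: str
    api_key: str
    resource: str
    timestamp: float


class FixedWindowCounter:
    """Counts events per key inside fixed windows of `window_s` seconds."""

    def __init__(self, window_s: float) -> None:
        self.window_s = window_s
        self._counts: Dict[Tuple[str, int], int] = defaultdict(int)

    def _bucket(self, key: str, now: float) -> Tuple[str, int]:
        return (key, int(now // self.window_s))

    def count(self, key: str, now: float) -> int:
        return self._counts[self._bucket(key, now)]

    def increment(self, key: str, now: float) -> None:
        self._counts[self._bucket(key, now)] += 1


Layer = Tuple[str, Callable[[Request], str], int]  # (name, key function, limit)


class LayeredLimiter:
    """Admit a request only if every layer has budget left; commit all counts together.

    A layer keyed on something the client does not control (here the resource
    name) is a global budget: spreading traffic over more IPs or keys does
    not raise it. Refusals are tallied per layer, which doubles as the
    tamper evidence a detection pipeline can alert on.
    """

    def __init__(self, layers: List[Layer], window_s: float = 60.0) -> None:
        self.layers = layers
        self.counter = FixedWindowCounter(window_s)
        self.refusals: Dict[str, int] = defaultdict(int)

    def allow(self, req: Request) -> bool:
        keyed = [(name, f"{name}:{key_fn(req)}", limit) for name, key_fn, limit in self.layers]
        # Check every layer before touching any counter, so a refusal by a
        # later layer does not burn budget in an earlier one.
        for name, key, limit in keyed:
            if self.counter.count(key, req.timestamp) >= limit:
                self.refusals[name] += 1
                return False
        for _, key, _ in keyed:
            self.counter.increment(key, req.timestamp)
        return True


def per_ip_only() -> LayeredLimiter:
    """The single-layer policy the first comment calls out."""
    return LayeredLimiter([("ip", lambda r: r.ip, 100)])


def layered() -> LayeredLimiter:
    """Per-IP, per-credential and a per-resource budget stacked together."""
    return LayeredLimiter([
        ("ip", lambda r: r.ip, 100),
        ("api_key", lambda r: r.api_key, 200),
        ("resource", lambda r: r.resource, 400),
    ])


def distributed_burst(n_ips: int, per_ip: int, resource: str = "customers") -> List[Request]:
    """Constructed traffic: one scraper spread over n_ips addresses, one key each,
    all inside a single window."""
    return [
        Request(ip=f"203.0.113.{i}", api_key=f"key-{i}", resource=resource, timestamp=j * 0.01)
        for i in range(n_ips)
        for j in range(per_ip)
    ]


def served_fraction(limiter: LayeredLimiter, requests: List[Request]) -> float:
    """Fraction of the dataset the scraper actually gets back."""
    allowed = sum(1 for r in requests if limiter.allow(r))
    return allowed / len(requests)


if __name__ == "__main__":
    burst = distributed_burst(n_ips=50, per_ip=100)
    print("per-IP only :", served_fraction(per_ip_only(), burst))
    lim = layered()
    print("layered     :", served_fraction(lim, burst))
    print("refusals    :", dict(lim.refusals))
```

With the constructed burst, the per-IP policy serves the whole dataset because no single address ever exceeds its allowance; the layered policy stops at the resource budget, and the refusal tally on that layer is the signal worth alerting on.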

Yup. This is some of the stuff that gets missed when understanding security.

Ultimately, you're just buying time, generating tamper evidence in the moment, and putting a price-tag on what it takes to break in. There's no "perfectly secure", only "good enough" to the tune of "too much trouble to bother for X payout."


Or like, are people going to wonder why we dropped the ball so hard, or are they going to be impressed by what the attackers pulled off?



