As others have said, it's Apple and they do not take kindly to other people leaking their technology/announcements ahead of time.

See also: the time that ATI's CEO told his employees that their chips would be powering Apple's to-be-announced hardware a few days before the announcement. Steve Jobs responded by pulling all of ATI's hardware from its demo units at the announcement, not mentioning ATI at all, cancelling a joint demonstration of the Radeon card that was going to be in the system, and never partnering with ATI again.

https://web.archive.org/web/20001216031800/https://www.zdnet...

Because it's Apple. They are huge, have scary lawyers, write scary contracts, and want to "delight the user" with features only when they announce them. They hate leaks, and demand separate teams for basically any/all development.

It seems this wasn’t about the code itself, it was about Apple Pay not being announced yet. So only people under NDA would be allowed to even know what they are working on.

It's kinda like that, there could be a proprietary fraud detection heuristic in there that you don't want to get out.

> security by obscurity thing... What am I missing here?

You are looking at the problem from the wrong direction.

If you build a honeypot, to trap hackers, does it behove you to explain what the bait is, and how the trap works?

Know your customer, fraud detection heuristics, finger prints, behavioral triggers are all areas where banks, and financial institutions need to keep the sauce secret. Telling the other party "how" you catch them just gives them the steps of what not to do.

Maybe that’s some scoring to decide if you should be able to pay or not with some method.