The danger of making it public is that it makes the system much easier to game.

The upside is that it is easier to see who is gaming the system. Or that could be another downside if the answer is "the moderators".

How does it make the system easier to game?

> Or that could be another downside if the answer is "the moderators".

To me it seems like an upside if we know when moderators are gaming the system.

I was being a little cheeky there implying that the moderators don't want the users to know if they're manipulating the votes.

Security through obscurity is rarely a winning tactic.

This may be true for locks and cryptography but a message board is not really a 'security system' nor does it fail completely and catastrophically if someone manages to figure out the details of the ranking algorithm or spam countermeasures.

That's only true when it's known how to publicly secure something.

All security is some form of obscurity, is it not?

No. That's not what the phrase means.

I can't really think of any good forms of 'security through obscurity'. Is the elimination of buffer overflow vulns and sql injections a form of obscurity? Is SSL a form of obscurity?

SSL is based on obscure prime numbers. Another example is user passwords (obscure text). Sessions and API tokens, too. Credit card numbers, garage door openers, and SIM cards all rely on hidden information. Even door locks are a physical form of hidden keys.

But you're right, there are some forms of security that don't require obscurity. For voting systems though, I would categorize them as "cat and mouse" systems, which unfortunately fall into the obscurity category.

That makes gaming the system too easy.