If we make our roles, policies and permission matrices confusing enough, an attacker wouldn't be able to figure out how to get access to things.
Let's try a variation on this:
Any sufficiently confusing set of roles, policies and permission matrices is indistinguishable from "security".
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!