Technically all security is only possible through obscurity. If everyone had your private key, it would no longer be secure because it is no longer obscure.
That's not what this means at all. Security by obscurity is referencing software that itself has secret pieces that are (to the software authors) "security features" which are only secure so long as their implementation details remain secret.
Software using a key is not security by obscurity, knowing that a key is used by the software does not result in the application being compromised.
Software that uses one secret key for all users embedded in the binary is security by obscurity.
Every single time I recommend Signal to anyone, I get told, that WhatsApp already has E2EE and that there is no reason to switch because of that. Like, give me the proof the keys aren't sent to Facebook man.