Exactly. Also the box and placing was no 'security measure', just the way it worked. It is very interesting to see how the view of the person trying to 'break the cipher' is different to the mindset of the team that had to get it to work. They were probably security paranoid about the hackability of their work but in a totally different direction to that 'seen' by someone 'breaking the cipher'.
While I imagine it's not a security measure, I don't think it's "just the way it worked" either. It sounds like a conscious decision to limit false positives.
To elaborate what the parent was talking about when they said "the way it worked" (it might also be what you're talking about). My guess is that the box is useful to straighten, unskew, and scale the image before applying the OCR.
You could /try/ to do it looking at the baseline and cap heights of the text itself, but you wouldn't know the scale in either direction. I imagine those font identifiers would have been a lot better if they could have known those things.