[antepodius]

It seems like there's something like a way to measure the different mechanisms in terms of how inherently decoupled they are from their surroundings. So, a the fact you have to send messages to my server in a particular format is one type of obscurity- but it's highly non-incidental, linked to many different parts of the world (i.e. it's some common network protocol) and more easily investigated (you could get interesting different responses by vary what string of bits you send).

In comparison, which particular password I use can be very highly decoupled from the rest of the world and my architecture, which makes it vastly more (reliably) obscure.

Somewhere inbetween "you have to know my server exists to send 'login:admin password:pass' to it" and "the volume's encrypted with a 2048-bit cypher generated from atmospheric entropy" is, maybe, a useful middle ground.

Hidden volumes seem like more of a defensive meta-obscurity, in that they obscure your metadata (your ownership of a particular piece of encrypted data).