This was security through a cryptographic design. It was just a broken design. If you consider confidential symmetric or privkeys "obscurity," sure, all crypto is obscurity.

There's no need to encrypt the keys as you hardcode them into the FPGA, if you control the hardware as you do this.

I certainly don't see how anything FOSS would be affected, and would appreciate concrete examples.

This mechanism also included an HMAC, responsible for authenticating the bitstream. That's useful even if the bitstream is public knowledge.