All the points you raised are valid and true. But we are constrained by the number of developers and the amount of hours they want to donate and work on. Currently it is just me, @Professr and @lgx as frequent contributors (and some other kind souls who have also contributed code & fixes).
So yes, doing more would be a good idea (and @Professr has a particular interest in OTP solutions). But what I was trying to get at with that sentence was: Work items 1, 2, and 3 from that document are fairly easy. And yes “burning the fuse bits to prevent readout” is technically security through obscurity, but IMO it will be a while before Meshtastic is enough of a target that someone wants to do the substantial work needed to attack such an approach. i.e. instrumenting an attacked PCB by drilling vias and soldering blue wires and using a logic analyzer to capture bits for a custom-written reverse engineering tool.
So yes, doing something more than the listed work items is a good goal for ‘someday’; IMO it would take developer time for currently non-existing attacks.