The source of this bias is voyeurism.

It's always someone outside your org telling you that obscurity is bad, and that you should definitely publish all your source code to let them see.

It's self serving outside judgment to get you to provide them value.

On the other side of the coin, there is a bias towards this trope that comes from exhibitionism: those of us who hold that security through obscurity is valuable, will usually not publish our thoughts on other security mechanisms, since we will consider that doing so decreases our security, whereas those that believe in the trope, will publish all of their thoughts on security, as they do not depend on or value the secrecy of their strategies.