
I have a static website and its security depends on people not knowing that a secret file is at example.com/Path/To/Secret/File.pdf. Assuming that the path to the file is not randomly generated, is this safe?

Update: the path is not that obscure. It would be like domain.tld/Files/Password.txt. Not anything like GUID or random strings.

jkd

1 Answer


To answer the question in the title, yes, that's security through obscurity.

While the security community generally frowns upon that, in some situations that can be appropriate - for instance, semi-private files on a CDN, with a long random-ish string in the URI, that need to be accessed by a variety of clients for whom handling authentication is difficult.

Your situation, though, is a bit different, in that you explicitly are not using a hard-to-guess filename. This means that someone who has never been given access to the file still has a reasonable chance of finding it.

A broader problem with this sort of security is that you cannot easily revoke access for specific users. If one person has been granted access, they continue to have access, which can be a problem if, say, they were an employee and they've now left the company. It also allows them to send the link to others, either publicly or privately, and those others will now have access, even if you did not intend to grant it to them. Again, in some situations this is acceptable (if it's a file that isn't frequently updated, they could simply save it onto their computer and achieve the same thing), but this will depend on your situation.

Xiong Chiamiov
  • Currently, I have a txt full of passwords stored at mydomain.com/passwords.txt. Gonna go change that. – jkd Dec 07 '16 at 00:38
  • @drewbenn Not really. But as I said, I changed it to password12345.txt now, so it should be safe. jk I took the file offline, and it wasn't HTTPS because certificates are expensive. – jkd Dec 07 '16 at 00:42
  • 3
    This is getting rather off-topic, but with the advent of Let's Encrypt, money should no longer be considered a reason to avoid implementing HTTPS. – Xiong Chiamiov Dec 07 '16 at 00:44
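The answer contrasts a guessable path with the CDN-style "long random-ish string in the URI" and notes that plain obscurity gives no way to revoke one person's access. The following is an added example (not code from the question or the answer) of how a site can issue such capability links with per-recipient revocation and expiry; the host name, file paths and recipient names are assumed.

```python
import secrets
import time


class CapabilityLinks:
    """Issue unguessable download links that can be revoked per recipient."""

    def __init__(self, base_url="https://cdn.example.com/d/"):  # assumed host
        self.base_url = base_url
        self._grants = {}  # token -> (file_path, recipient, expires_at)

    def issue(self, file_path, recipient, ttl_seconds=7 * 24 * 3600, now=None):
        """Return a URL whose secret segment carries 256 bits of entropy.

        secrets.token_urlsafe(32) uses the OS CSPRNG, so the path cannot be
        guessed the way /Files/Password.txt can.
        """
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 32 random bytes -> 43 URL-safe chars
        self._grants[token] = (file_path, recipient, now + ttl_seconds)
        return self.base_url + token

    def resolve(self, token, now=None):
        """Map a presented token to a file; None if unknown, expired or revoked."""
        now = time.time() if now is None else now
        grant = self._grants.get(token)
        if grant is None:
            return None
        file_path, _recipient, expires_at = grant
        if now >= expires_at:
            return None
        return file_path

    def revoke_recipient(self, recipient):
        """Drop every link issued to one recipient (e.g. a departed employee)."""
        doomed = [t for t, (_, r, _) in self._grants.items() if r == recipient]
        for t in doomed:
            del self._grants[t]
        return len(doomed)


def token_from_url(url):
    """Extract the secret segment from a URL produced by issue()."""
    return url.rsplit("/", 1)[1]
```

Forwarding the link still grants access to whoever receives it, exactly as the answer warns; the difference is that the issuer can now cut off that recipient's link (and everyone it was forwarded to) instead of renaming the file.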