I am a little lost as to what the real argument is.....
Don't use RFC1918 addresses on public networks.
This is bad.
Don't use RFC1918 addresses as a security measure.
I don't use RFC1918 addresses on public networks, but I do use them on my backend systems and at some level I consider it a security measure. Those backend machines don't have access to the Internet and the private addressing helps ensure that is true. Is my thinking flawed?
Only that private addressing helps ensure that your machines don't have access to the Internet. If you've set up a network where there is truly no packet path to the Internet such that it wouldn't matter if your back-end network was numbered in RFC1918 space or not, then it becomes unlikely that the network in question will be compromised *by an attacker arriving via the Internet*, and your security does not depend on RFC1918 addressing. You will have someone walking up to a switch and plugging in to consider (but that's more a facility security issue).

RFC1918 gives you a place to number hosts without conflicting with "public" address space, that's all. If you use RFC1918 addressing on connected hosts, and distribute RFC1918 prefixes in your IGP, then connecting to any part of that network's internals gives access to its RFC1918 space. There are any number of ways this could be accomplished - attacking facility security, exploiting a poorly-secured dialup, etc.

Security, in general, is about *feeling* safe, not about being safe. Some folks get a feeling of safety from RFC1918 addressing, some don't.

Stephen