robots.txt

robots.txt is a way to supposedly get search engines to leave your site's private resources alone, like a private API or something. But at the same time, you are making valuable resources easily known to attackers. It takes out the time and effort required for directory enumeration with DirBuster.

How can we come up with a better solution to robots.txt that doesn't paint obvious targets?

Make robots.txt contain SHA512 hashes of the secret paths instead of the paths verbatim. Use domain as salt to prevent rainbow table lookup.