Of course PDF passwords are a type of security.
Security does not necessarily involve encryption, as you’re claiming; it can just as easily involve deterrence, inconvenience and obscurity. And nobody here claimed that PDF security was state-of-the-art or was even meant to be.
Inhibiting a casual client (for whatever reason) from editing a PDF proof, for example, requires a far lower standard of security than protecting something of greater value or risk.
If the vast majority of those receiving a PDF can’t or won’t bother to figure out how to edit a password-protected PDF, that creates a level of security that inhibits those people from doing so. If this is all that’s needed, this is exactly what a PDF password is meant to do.
If someone needs higher levels of security, a PDF password won’t pass the test. But then again, as I’ve said, not all security protection measures are meant to be, nor do they need to be highly secure.
Security measures do not need to have bullet-proof effectiveness in order to be effective for the level of security they were meant to confer. Most anyone could bypass the lock on my backdoor by simply breaking the window. Dozens of people in town, just based on averages, have the same four-numeral passwords to their garage door openers as I do. The key to my desk drawer could easily be found by most anyone rummaging through my office.
Despite those deficiencies, each of those security measures still do their jobs at deterring people from breaking into my house, opening my garage door or snooping through my desk drawer, which is exactly all they’re meant to do.
So despite the glitches, lack of encryption, or ability to be bypassed by some software, PDF password security works just fine for those purposes that it was meant to be used for.