Comment by peterwwillis

What I'm talking about isn't infrastructure, it's the entire system architecture and workflow. Code architecture is a part of that. If you design your code architecture, and then look at system architecture, your code architecture may have to change. I'm suggesting to do them at the same time.

Say you did your code architecture, and you've been writing code for 3 months. The security architect comes by and takes a look at your work, and announces that your design is inherently flawed; you need to fix some token-passing thing that's tied deeply into your app to support some system they have to audit company apps. You end up doing rework for a sprint or 2 to fix it. This in particular may not apply to you, but there are hundreds of examples like this.