> you'd still trivially be able to find that number given a single known password.
I understand that it's because the salt is entirely appended in clear to the hash. Isn't it better to have a second static salt implemented in the code, in case only the database were compromised?
I think those schemes are pretty silly, but as long as you're using a well-tested implementation of a real KDF and not some goofy scheme you hacked up yourself so you could add the second secret nonce, I don't care.
Even if that weren't true --- and it very much is --- you'd still trivially be able to find that number given a single known password.
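As an added illustration of the point made in the thread (not code from any participant), the following Python shows the "pepper" arrangement the reply describes done the way it suggests: a well-tested KDF (`hashlib.scrypt` from the standard library) with the per-user salt stored in clear beside the hash, and a second static secret kept only in application code or configuration. The pepper is bound to the password with HMAC before the KDF rather than by hand-rolling anything. The `PEPPER` constant, the record layout and the function names are assumptions constructed for this example; in a real deployment the pepper would be loaded from a secrets store, not a literal.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Hypothetical server-side secret ("pepper"). It lives in code/config, never in
# the database. Fixed, constructed value so the example is deterministic;
# in practice load it from an environment variable or secrets manager.
PEPPER = bytes.fromhex("9f" * 32)

# scrypt cost parameters (assumed for the example): N=2**14, r=8 uses ~16 MiB.
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 14, 8, 1, 32


def _prehash(password: str, pepper: bytes) -> bytes:
    """Bind the secret pepper to the password with HMAC-SHA256.

    The KDF then runs over this value, so someone holding only the database
    rows (hash + salt) lacks the KDF input needed to test candidate passwords.
    """
    return hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()


def hash_password(password: str, pepper: bytes = PEPPER,
                  salt: Optional[bytes] = None) -> Dict[str, str]:
    """Return a DB record: KDF parameters, the clear-text salt and the hash.

    The salt is random per user and is stored in the clear; that is fine and
    expected. Only the pepper is secret.
    """
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.scrypt(_prehash(password, pepper), salt=salt,
                        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return {
        "kdf": "scrypt",
        "n": str(SCRYPT_N), "r": str(SCRYPT_R), "p": str(SCRYPT_P),
        "salt": salt.hex(),
        "hash": dk.hex(),
    }


def verify_password(password: str, record: Dict[str, str],
                    pepper: bytes = PEPPER) -> bool:
    """Recompute the hash from the stored parameters and compare in constant time."""
    if record.get("kdf") != "scrypt":
        return False
    salt = bytes.fromhex(record["salt"])
    dk = hashlib.scrypt(_prehash(password, pepper), salt=salt,
                        n=int(record["n"]), r=int(record["r"]),
                        p=int(record["p"]), dklen=DKLEN)
    return hmac.compare_digest(dk, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print("stored record:", rec)
    print("correct password:", verify_password("correct horse battery staple", rec))
    print("wrong password:  ", verify_password("Tr0ub4dor&3", rec))
    # A copy of the database alone (no pepper) cannot even confirm the right guess.
    print("right password, wrong pepper:",
          verify_password("correct horse battery staple", rec, pepper=b"\x00" * 32))
```

The last check is the practical payoff of the pepper: a database-only leak yields salts and hashes, but candidate passwords cannot be tested against them without the secret held in the application tier, while the salt continues to do its ordinary job of making every user's hash unique.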