Security through obscurity
As far as I know, ALL security relies on some form of obscurity. Most times it's something we know that we don't have, like a password, the secret key etc. Security through obscurity is the norm in the computer industry. As we all know, having a transparent process that everyone can see is not a guarentee of security either. We have lots of open source software where we continue to find security flaws, even years after the code is released.
We find exploits in the wild for open software before those that have code for the process know that there's a hole. I agree that having a flawed security stack and obscuring it is not a guarentee that the flaws won't be found out. It's also true that by obscuring the stack, it took the researchers a bit more effort to break into the system than it would have if they'd had all the specs and code in front of them to begin with.