Security by obscurity gets knocked by some people, but it is a valid part of a defense in depth strategy. For example, I run SSH on a weird port, but I still secure SSH just the same as I would if it were on port 22. Running it on a weird port just decreases the amount of spam I have to filter through in the log files.
So-called "security by obscurity" is critically important.
I must disagree emphatically with open-source enthusiasts who believe that "security by obscurity is bad" advice applies to everything. In my opinion, it only applies to a small subset of certain types of software - packages that are meant to be used on extremely large scale, such as web servers, encryption algorithms, and the like. Attempts to apply it to other areas are foolish.
Obscurity is the only possible mechanism for keeping a highly popular link-aggregating site's story ranking reflective of what the community of genuine readers wants to see when under attack by "content promoter" types.
Sure, valid opinion, but I sure ain’t staking my security reputation on the quality of this forum, doubly so since it operates on many hidden and user-hostile rules to get to this debatable quality that I can’t audit.
Frankly I just don’t think they give a damn about the value of open source, at least relative to immediate things, and I respect that.
Hey no knocks, just saying there’s a name for this tactic.