Nate Lawson: In software protection, obscurity is everything. Lawson: “You’re ultimately depending on the attacker to not be able to just “see” the key or how the protection works. That sounds weak and against normal security principles but actually works quite well in practice, if you’re good at it. I think that insight echoes what I said in Fight to Your Strengths last year: “Security through obscurity” is bad in all its forms, period. However, integrating security through obscurity with other measures can help force an intruder to fight your fight.”]
Source: https://taosecurity.blogspot.com/2008/06/clueful-interview.html