I think the argument is that security only by obscurity is not security. Obscure and good is a better alternative. The example for this topic would be a non standard port, but no password - nice and convenient, and it's unlikely anyone would find the port, but when it's found there's no security left.