
Are Internet Passwords About to Become Passé?

In terms of security, I think the [most effective] solution will always be security through obscurity. Using a system no one else does.

Using obscure systems is getting harder and harder. Even Linux has a hard time because the big companies are constantly drawing people into a dependency on their proprietary systems. FreeBSD is even more difficult to connect to the "world". My DOS machine can do lots of things, but I'll not be joining the Google ecosystem/persuasion any time soon with that. (Unless Mike B can help us out with some more software. :) ) I even find web sites that give me a 403 and kick me out on my a**. That's what they think of my obscurity. And I can keep my security for all the good it does me.
 
"Security through obscurity" is not a complete solution. That is basically the same as saying things will be restricted to those who need to know, which only works when a very small group knows the secret and that group is trustworthy. (Knowing the secret can be interpreted as knowing how the secret is stored.) As computers and software become more and more commodity items, more people will know the inner workings, thus diminishing the ability to keep things obscure.

Properly implemented and used encryption is your friend. Which is pretty much the exact opposite of security through obscurity. You want people reviewing your algorithms and testing your random number generators. You need that external review by a wide variety of people to find the flaws. The same goes for general operating system flaws as well - buffer overruns are hard to sneak past a few thousand people who are working with the source code. Open source software has been a great thing for improved security.

Encryption does not guarantee security - the weak link is still the pass phrase, which is a secret you hold. Which is why two-factor authentication is so useful - it lessens the impact of that weak link. If you lose the pass phrase the security token can buy some time to detect the loss and get the pass phrase changed. And if you lose the security token then the pass phrase will protect you until that problem is taken care of.
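The two-factor point in the post above, as an added example that is not part of the original thread: a login check that requires both a pass phrase and a token code, so losing either one alone does not grant access. The token is assumed to be a standard RFC 6238 TOTP generator; the account record, salt and pass phrase are constructed sample values.

```python
import hashlib, hmac, struct

def hash_passphrase(passphrase: str, salt: bytes) -> bytes:
    # Slow, salted hash so a stolen record does not directly reveal the pass phrase.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    # RFC 6238: HOTP (RFC 4226) over the number of 30-second steps since the epoch.
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_login(record: dict, passphrase: str, code: str, now: int) -> bool:
    # Evaluate both factors every time, then combine: neither alone is enough.
    knows = hmac.compare_digest(
        hash_passphrase(passphrase, record["salt"]), record["pw_hash"])
    # Accept the current and previous step to tolerate small clock drift.
    has = any(hmac.compare_digest(totp(record["token_secret"], now - d), code)
              for d in (0, 30))
    return knows and has

# Constructed sample account; the token secret is the RFC 6238 test key.
SALT = b"constructed-salt"
RECORD = {
    "salt": SALT,
    "pw_hash": hash_passphrase("correct horse battery staple", SALT),
    "token_secret": b"12345678901234567890",
}
NOW = 59  # RFC 6238 test time; the 6-digit code at this instant is 287082

if __name__ == "__main__":
    good_code = totp(RECORD["token_secret"], NOW)
    # Both factors present: accepted.
    print(verify_login(RECORD, "correct horse battery staple", good_code, NOW))
    # Pass phrase leaked, but no token: rejected.
    print(verify_login(RECORD, "correct horse battery staple", "000000", NOW))
    # Token lost, but pass phrase unknown to the finder: rejected.
    print(verify_login(RECORD, "guess", good_code, NOW))
```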
 