While “security by obscurity” may be good for some spy agency as an additional layer over a system that would remain secure even if it were published, most people are right to say that “security by obscurity bad!”, based on the known history of such systems.
The reason is that, without any exception, every time some system that used “security by obscurity” has been reverse engineered, regardless of whether it was used for police communications, mobile phone communications, supposedly secure CPUs, etc., it was discovered that those systems had been designed by incompetent amateurs or perhaps by competent but malevolent professionals, so that those systems could be easily broken by those who knew how they worked.
“Security by obscurity” is fine for secret organizations, but for any commercial devices that incorporate functions that must be secure, it is stupid for a buyer to accept any kind of “security by obscurity”, because that is pretty much guaranteed to be a scam, regardless of how big and important the seller company is.
Obscurity is OK only when it is added by the owner of the devices, over a system that is well known and which has been analyzed publicly.