I am curious how advocates for source availability and free access to source code think about security through obscurity.<p>At my company, all our libraries are open source and all our server code is private.<p>There is something to be said for keeping architectural details hidden from would-be attackers to make their lives that much more difficult. I would go so far as to say that, if you run servers that handle sensitive data, then it is unethical for you to <i>not</i> take every possible measure to protect that data <i>including</i> hiding your server code from potential attackers.