Things Mark Flory Forgets

Because Who Needs Memory When There is the Internet
Security by Obscurity

 

If you read enough about security in general, you will hear the often-touted principle: do not rely on security by obscurity.  It even has its own Wikipedia page.

You see this advice thrown out a lot when somebody does something like embedding encryption keys in their code.  The developer's assumption is that the code will never be read by anyone and thus the key is safe.  I have personally seen that one cracked in about one minute.

So the advice is good, you should not RELY on security by obscurity.  It cannot be counted on.

However, does that mean you should never use obscurity at all?

A common example is code obfuscation.  A lot of people will tell you there is no point because someone determined enough, or good enough, or who just has a lot of time to waste will be able to break it down.  So absolutely, you should not rely on obfuscation to secure your application (i.e. key hiding).

But my immediate thought is: Why make it easy for them?

Why not cause them more hassle, even if it is not all that much?  What is more, the additional hassle in itself will serve as a deterrent for the less determined, or talented, or patient.

So I believe you should assume that any information you obscure will end up in the attacker’s hands no matter what you do.  But, if there is nothing you can do about it (such as somebody reverse engineering your code), then you should obscure it anyway just to be a pain in their ass.  It is not like they are going to thank you for making it easier for them.
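The point about embedded keys and obfuscation, as an added example that is not part of the original post: a release-audit scan you could run over your own build output. The artifact bytes, the key, the mask and the function names are all constructed for illustration.

```python
import math
import re

# Constructed sample standing in for a shipped binary: one key embedded as-is,
# one copy XOR-masked with a single byte. The key is made up for this example.
PLAIN_KEY = b"Zk9xQ2v7Lr3TnW8sYb5HdJ1mPc6AeU4g"
XOR_MASK = 0xA7
SAMPLE_ARTIFACT = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 16
    + b"Usage: app [options]\x00connect failed\x00"
    + PLAIN_KEY + b"\x00"
    + bytes(b ^ XOR_MASK for b in PLAIN_KEY) + b"\x00"
    + b"/usr/lib/libexample.so\x00"
)

KEY_RUN = re.compile(rb"[A-Za-z0-9+/=_-]{24,}")  # long base64/hex-like runs


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte string, in bits per byte."""
    counts = [data.count(b) for b in set(data)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts)


def find_key_candidates(blob: bytes, min_entropy: float = 4.0):
    """Return (offset, text) for printable runs that look like key material."""
    return [
        (m.start(), m.group().decode("ascii"))
        for m in KEY_RUN.finditer(blob)
        if shannon_entropy(m.group()) >= min_entropy
    ]


def find_masked_candidates(blob: bytes, min_entropy: float = 4.0):
    """Repeat the same scan under every single-byte XOR mask (255 extra passes)."""
    hits = []
    for mask in range(1, 256):
        unmasked = bytes(b ^ mask for b in blob)
        hits += [(mask, off, text)
                 for off, text in find_key_candidates(unmasked, min_entropy)]
    return hits


if __name__ == "__main__":
    print("plain scan: ", find_key_candidates(SAMPLE_ARTIFACT))
    print("masked scan:", find_masked_candidates(SAMPLE_ARTIFACT))
```

The plain scan reports only the key embedded as-is; the masked copy is missed by that pass and turns up in the 255 extra passes, which is the size of the hassle a single-byte mask buys. Either way the key ships in the artifact, so treat it as disclosed.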


Posted on Wednesday, January 28, 2009 9:25 AM

Feedback


# re: Security by Obscurity

More than that: a lot of people (me included) will look on any clear attempt at security as a sign that says, "Oh, he didn't want me to see that. I'll respect that." Yes, some people only see that as a challenge; but I can't believe I'm the only one who respects the "No trespassing sign."
2/27/2009 1:10 PM | Martin L. Shoemaker

# re: Security by Obscurity

Oh, you are definitely with the majority on that one. Unfortunately though there are just a very few who do not and spoil it for everyone else.
2/27/2009 1:17 PM | Mark Flory