security by obscurity is not the way, everyone knows it.
those guys will figure it out sooner or later (where later, might take ages).
in the meanwhile, a lot have pseudo-secured networks thru triple-nat, quadruple-nat, multiple ipsec'd layered and so, and others live with the hammer in their suitcase for fixing things around when the clue is gone.
often they forgot the neat webserver box that run's some strange software, which no one updates, and... in the end is the cheese hole around their network...
but, in the other end, money talks, and bulls**t walks, so, we might be all wrong, and they might be right, who knows ?
who cares anyway ?