Nothing wrong with security by obscurity. It's widely used and it is effective. Security is security. Usually there are easier and more effective methods though, so if it's your only security layer then you might have missed a few things.
The main reasonable criticism would be that it obscures the things you missed from naive audits while still being accessible by an attacker. So you hide the issue from the "good guys" while not baring much entry by the "bad guys". I have seen this pattern emerge many times, because what is obscure to you may not be obscure to someone else. So it /causes/ you to miss things.
