Cryptologists have a mantra: "Security is not obtained through obscurity." Given how persuasive and pervasive this assertion is, it is remarkable how many well- or ill-meaning novices (and product advocates) fail to get it.

People often become convinced that they can enhance the security of their protocol, algorithm, or application by not letting on to the public just how the thing works. This specious reasoning concludes that if the bad guys (perhaps meaning "competitors") do not learn the details of how a protocol/algorithm/application works, they will not be able to break it. Or perhaps these naive folks just think that their whiz-bang new algorithm is so novel and brilliant that it will keep people from stealing their ideas. Either way, security through obscurity ranks up there with a belief in the tooth fairy in terms of scientific merit.