Although this is common knowledge, many engineers, managers, and executives rely on it anyway. They trust that the details of their protocols and application design won’t get out. However, given that most security breaches (over 75% by some measures) have help from someone on the inside, that’s really no protection at all.
Secrecy might provide some additional protection, but you should design your applications, services, etc. on the assumption that the design is public knowledge, so that the system really is secure from the start.
No matter how good your hardware is, no matter how strong the locks and walls, no matter how good your encryption and password policies, the weakest link in any security system is the people who have access to get through the security.