Keep reading:
Security by obscurity alone is discouraged and not recommended by standards bodies. The National Institute of Standards and Technology (NIST) in the United States recommends against this practice: “System security should not depend on the secrecy of the implementation or its components.”[9] The Common Weakness Enumeration project lists “Reliance on Security Through Obscurity” as CWE-656.[10]
A large number of telecommunication and digital rights management cryptosystems use security through obscurity, but have ultimately been broken. These include components of GSM, GMR encryption, GPRS encryption, a number of RFID encryption schemes, and most recently Terrestrial Trunked Radio (TETRA).[11]
EDIT: Matter of fact, there’s a belief among many in the field that open sourcing your security is a best practice. That gets a lot of eyeballs on the code, which can find potential problems sooner.
For instance, two of the best private email services, Proton Mail and TutaMail, open source their code precisely for that reason - to get eyeballs on it. Their security relies on solid public key cryptography, not obscurity.