The software development community has, in general, decided that these arguments are poppycock. The security flaws will be found sooner or later by people guessing at them.

The 'software development community' isn't exactly the epitome of quality engineers. As for the abused phrase "security through obscurity" it only partially applies here. The code is not being distributed in any form. It cannot be reverse-engineered. The only risk is people guessing at query strings and hoping they'll break something. So you're only partially correct.