There is a "security" attitude where security through obscurity is appropriate: If they're smart and diligent enough to figure this out and use it, they deserve to get access. In many cases all you want to do is discourage or make it difficult for someone to break through your "security". A few people figuring it out and working around it in certain situations doesn't have to be unacceptable.

If you're writing something and marketing it (even if it's just to your boss) as secure, this is a poor security approach indeed, but if all you want to do is deter or make the user/enemy use up resources in order to work around it, this could be sufficient.