Security through obscurity is hardly a good security measure. Micro$oft have been hiding their source code for how many years?..and how many trojans and viruses successfully get through that?
wikipedia is a bunch of php scripts etc...it's a matter of truly understanding security issues, and always being vigilant.
perhaps a useful visual comparison would be that to building a bridge over a chasm. a beginner instict for the "strongest" bridge would be a solid block of material spanning the gap. but instead a well designed series of arcs is stronger, and much more practical, and cheaper too. so too in security you need to evaluate the threats in terms of typical attacks, e.g. DOS attack, SQL injection, DNS poisoning, etc..well established vectors of attack. And for a little CGI script, you want to know that people can't read the script itself (over the web) and the CGI permissions don't end up giving them indirect access into the whole file system.