Yes, security through obscurity is just an absolutely crap way to handle these things. It's exactly what games continue to use; and they continue to be broken.
The basic problem is that good developers who have NO CLUE about security and cheat-prevention somehow continue to think that just throwing more and more layers on something will magically make it uncrackable. (c.f. id's constant protocol changes, all of which have been met with aimbots in a matter of weeks at most).
Some people never learn.
It basically comes down to developer arrogance: this attitude of "i am smartey computar man!!! thoes hax)rs will nevar brake my 1337 new code!!!". And of course, 3 days later the cracks are all over the net. Every time.
The reason id tend to be the only company ever actually making any headway in this area is that Carmack is actually smart enough to understand that he ISN'T an expert at this stuff, so he does his homework.
Anything can be broken, but it basically boils down to "how much effort will it take to break this; and how much effort will it be for us to get ahead again?". Use the right kind of scheme, and that ratio rapidly tilts very strongly in your favour. OTOH, clueless developers continuing to "invent" schemes that are just variations on the ones I used to crack 20 years ago bias it just as far in the opposite direction, and typically it takes far less time to crack the protection than it did to write it in the first place.