"Security through obscurity" has ALWAYS had a purpose in the spectrum of techniques used to defeat the enemy. The term is just misapplied in the context of cryptographic systems to denote a system where the algorithm isn't published. e.g. if the security of your cryptosystem depends on anything more than just the security of the key, you're toast.
In NETSEC, we see tons of trojans/worms that try mightily to camouflage their existence with innocent-looking control protocols hidden in normal looking HTTP (or HTTPS) traffic and other things.
