safety by obscurity has rarely been a good practice since you can't build the OS, the web server, the db engine, and everything else (including the CMS) from scratch
even if you could, chances are you would introduce fatal security flaws that others have already solved in the past
in fact many people are now pushing for robustness by transparency and crowdsourcing source code inspection