"Security through obscurity" is a phrase being tossed around by those who don't really understand much of anything.

There is nothing obscure about the techniques that BearShare uses to digitally sign query hits or require challenge/response authentication in host connections - they are all built from sound, proven cryptographic primitives that are published and well documented.

If we were using obscurity, we would have made up our own cryptographic algorithm - this would be a poor choice.

So when you hear someone say "security through obscurity" in the context of BearShare, this is clear sign that they don't know what they are talking about.