What you're describing is effectively an attempt at security through obscurity, which doesn't work. If an attacker is interested on a specific target, going through the source code searching for bugs isn't too different from performing a black box attack.