However, this attitude is considered security through obscurity, and is best avoided. Even if the path to sensitive data is practically unguessable (say, you are using UUIDs), once a path is discovered it can be widely shared.