Gonna get myself in trouble, but boy I don't really want to debate or collaborate with folks that want to argue this point. Or use things they're working on. Defense in depth, obscurity is not. It's not even interesting to consider beyond dismissing.
I really wish people would stop conflating reducing the attack surface with safe software default configurations. They are not the same. There is value in hiding your listening sockets/ports from the world. Anyone who does not believe so frankly has never been responsible for security beyond their laptop and maybe some random VM in AWS they SSH into.