He's not saying you should rely solely on obscurity for security. He's saying that, in addition to other basic security precautions, the use of obscurity is a good idea. The less a potential attacker knows, the better.
The reason for serving the admin under a non standard URL is rather to get rid of requests issued by robots who are not clever enough to realize it's open source. It's similar to not having your SSH server listening on port 22, which is a pretty common thing to do. Shouldn't be relied on for security, but it declutters log files.