Relying on a client not being able to guess a random number is also important for Diffe-Hellman and like, all private key generation AFAIK. I don't think anything says private keys are security by obscurity because they require you to locally generate random numbers