Could you apply here the Kerckhoffs's principle which says that security should not be based on secrecy? I know the original principle speaks about encryption but why should not it apply here aswell? Organisation should be secure by design and not by hoping nobody discovers all its assets. That being said maybe the mentioned Swedish approach to have the TLD zone public makes sense?