I think when it comes to the code that controls the navigation, control, detonation, etc, or our munitions, that perhaps that should not be publicly reviewable. Not because of hacking concerns, but it does give info to a potential enemy that could render them less effective.

Eh, there's an intrinsic amount of information about the system that can't be moved into a configuration file, if the platform even supports them.

If your code is tuned to make movement calculations with a deadline of less than 50 microseconds and you have code systems for managing magnetic thrust vectoring and the timing of a rotating detonation engine, you don't need to see the specific technical details to work out ballpark speed and movement characteristics.
Code is often intrinsically illustrative of the hardware it interacts with.

Sometimes the fact that you're doing something is enough information for someone to act on.

It's why artefacts produced from classified processes are assumed to be classified until they can be cleared and declassified.
You can move the overt details into a config and redact the parts of the code that use that secret information, but that still reveals that there is secret code because the other parts of the system need to interact with it, or it's just obvious by omission.
If payload control is considered open, 9/10 missiles have open guidance control, and then one has something blacked out and no references to a guidance system, you can fairly easily deduce that that missile has a guidance system that's interesting with capabilities likely greater that what you know about.

Eschewing security through obscurity means you shouldn't rely on your enemies ignorance, and you should work under the assumption of hostile knowledge. It doesn't mean you need to seek to eliminate obscurity altogether.