Globally unique versus globally routable (was RE: RFC1918)
> Using RFC1918 space also gets you an IP range where the outside world has no route to it -- Sorry, but no, packets are not getting there, ergo no way to hack.
> At that point, just by use of simple routing, you've effectively eliminated 100% of attacks from the outside, and you only have to worry about inside. The front door is secure, now work on the back door.
One of the things which has always annoyed me about this argument is people making the assumption that routing of addresses and registration of addresses are related. You can have a globally unique address, registered with an address registry (ARIN, RIPE, APNIC), which is not routed on the Internet. You can have a "private" shared address which is routed on the Internet.

People who can't figure out how to filter also can't figure out how to filter RFC1918 addresses, so route leaks of RFC1918 space are common. If your filters are properly configured, there is no difference in the security of RFC1918 addresses or globally unique addresses. What makes RFC1918 addresses "secure" isn't the addresses, but the route filters. If your filters aren't properly configured, there is no difference in the security of globally unique addresses or RFC1918 addresses.

Personally, I prefer to always use globally unique addresses whether or not they are announced on the Internet, because they cause fewer (security, operational, etc.) problems when a route does leak. The problem with RFC1918 addresses is that if you have an accidental route leak, you have a fairly high probability of getting nailed by someone else using the same address. Humans have an annoying habit of choosing the same "easy to remember" private addresses.

If any security consultant tells you your computers are secure because they are using RFC1918 addresses, I would suggest grabbing your wallet and running. And yes, I've heard security consultants from the "Big 5" firms say exactly that.

Note: I did not say either RFC1918 addresses or globally unique addresses were secure, only that there is no difference in the level of security between them.
Sean Donelan
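The post's point, that the route filter and not the address range is what does the protecting, can be made concrete with a small model of an ingress prefix filter. This is an added example, not code from the post or from any vendor; the peer announcements, the "own unrouted" prefix list and the internal prefixes below are constructed sample data using documentation ranges, and the filter is a plain "reject anything inside a denied range" match rather than any particular router's prefix-list syntax.

```python
"""Model of an ingress route filter: RFC1918 space and our own globally
unique but unannounced space get exactly the same treatment, because the
protection comes from the filter, not from the kind of address.

Added example; all prefixes below are constructed sample data.
"""
import ipaddress
from typing import Callable, Iterable, List, Tuple

# The three RFC1918 private ranges.
RFC1918 = [ipaddress.ip_network(p)
           for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def build_ingress_filter(own_unrouted: Iterable[str]) -> Callable[[str], bool]:
    """Return accept(prefix) for routes learned from an external peer.

    The deny list is RFC1918 plus our own globally unique prefixes that we
    never announce. Both are matched by the same rule: reject any prefix
    that lies inside a denied range (the usual prefix-list "le 32" match).
    Registration status of the range plays no part in the decision.
    """
    deny = RFC1918 + [ipaddress.ip_network(p) for p in own_unrouted]

    def accept(prefix: str) -> bool:
        net = ipaddress.ip_network(prefix, strict=False)
        # subnet_of() only works within one address family, hence the version check.
        return not any(net.version == d.version and net.subnet_of(d) for d in deny)

    return accept


def apply_ingress_filter(announcements: Iterable[str],
                         own_unrouted: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Split a peer's announcements into (accepted, rejected) lists."""
    accept = build_ingress_filter(own_unrouted)
    accepted: List[str] = []
    rejected: List[str] = []
    for p in announcements:
        (accepted if accept(p) else rejected).append(p)
    return accepted, rejected


def leaked_overlaps(leaked: Iterable[str],
                    internal: Iterable[str]) -> List[Tuple[str, str]]:
    """(leaked_prefix, internal_prefix) pairs that overlap.

    This is what an unfiltered leak costs you: somebody else's 10/8 lands
    on top of your own 10/8, and traffic for your hosts follows their route.
    """
    out: List[Tuple[str, str]] = []
    for leak in leaked:
        ln = ipaddress.ip_network(leak, strict=False)
        for own in internal:
            on = ipaddress.ip_network(own, strict=False)
            if ln.version == on.version and ln.overlaps(on):
                out.append((leak, own))
    return out


# Constructed sample data (not from the post): a peer announcing legitimate
# space, a leaked RFC1918 block, and a leaked copy of one of our own
# globally unique prefixes that we deliberately do not announce.
PEER_ANNOUNCEMENTS = ["203.0.113.0/24", "10.20.0.0/16",
                      "198.51.100.0/24", "192.0.2.0/24"]
OUR_UNROUTED = ["198.51.100.0/24"]            # globally unique, never announced
OUR_INTERNAL = ["10.20.5.0/24", "198.51.100.0/24"]

if __name__ == "__main__":
    acc, rej = apply_ingress_filter(PEER_ANNOUNCEMENTS, OUR_UNROUTED)
    print("accepted:", acc)
    print("rejected:", rej)
    print("collisions if the filter were missing:", leaked_overlaps(rej, OUR_INTERNAL))
```

Note that `198.51.100.0/24` is rejected for exactly the same reason `10.20.0.0/16` is: it is on the deny list. Remove the filter and `leaked_overlaps` shows both leaks colliding with internal prefixes, which is the failure mode the post describes for RFC1918 space and, equally, for any unannounced globally unique range that somebody else starts announcing.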