From a security standpoint I would definitely agree that masking services on my network would be the way I'd want to go.
The problem will probably start to happen when communicating with other networks and machine out of our control. It's like using the wrong references. Stop means go and go means stop.
The file is not really for central management but mostly for general historical reference. One is allowed to change them but beware of the effects when communicating with networks outside of your control.