Hackers don't need the frontend (the menu items), so your effort to remove frontend items won't help. For a successfull hack, the hacker (at least the person who initially creates the hack) needs in-deep understanding how the app he's about to hack works. If the hacker decides to publish his hack, script kids might join the bandwagon and perform the exploit even if they don't understand what they're doing.
This is not only the case for Coppermine or the other apps you mentioned. There is no absolute security, but your concept of "security by obscurity" is just nonsense. Hackers as well as script kids prove this on a daily basis. What you can do is keep your apps up-to-date and perform backups frequently. This will make hacks less likely, yet they still happen, as all non-trivial code contains bugs that potentially can be exploited. Keeping your app up-to-date will not prevent zero-day-exploits, but it will make it less likely to get hacked by script kids.
Just google for any app you could think of: you will find reports of hacks no matter what app you pick. Among the results of your search, you will find genuine hack reports, but just as well invalid reports (where the legitimate owner has made something silly like chosing trivial passwords or the person reporting the "hack" actually confusing a malfunction for a hack). It's your choice basically. As a rule of thumb, pick an app with an active community of developers, where bugs get fixed fast.