Reading the Servlet 3.0 spec, I came across the following and wonder if that's really the recommended thing to do. I remember coming across advice to NOT include this info for security reasons:
It is recommended that containers use the X-Powered-By HTTP header to publish its implementation information. The field value should consist of one or more implementation types, such as "Servlet/3.0". Optionally, the supplementary information of the container and the underlying Java platform can be added after the implementation type within parentheses. The container should be configurable to suppress this header. Here's the examples of this header:
X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish v3 JRE/1.6.0)
For example, here, it's argued against this practice. I once used a tool to analyze my website for potential problems and it came back with a security warning and a recommendation to remove the X-Powered-By headers.
I generally wouldn't put the Servlet container directly on the internet either; that's what I use a reverse proxy for (and load balancing).
To answer your question; I don't think security through obscurity is a particularly "good" security practice.