I am not an expert on Browser Service either, but I am not sure it actually adds much security. If someone really wants into your system, a port probe isn't that hard to do and once you know what ports are listening, it isn't hard to figure out what is listening on each port.
It is more of a "security by obscurity" thing. It's like using a non-standard port for SQL Server. If the server is outside facing, I would not have SQL installed on it unless I absolutely needed to. If it is inside only SQL instance, it depends too. We use SQL Aliases via registry edits in the logon script to handle our SQL instances to have friendly names and as such, we don't rely on the SQL browser service for anything. New and test\dev instances sometimes take a little longer for IT to get it into the logon script and short-term instances don't get in there for an alias, so the DBA's maintain a central management server (two of them actually; one for test\dev, one for live). The central management servers have the host, instance and port in them.
For my workplace, the SQL browser service offers no benefit as we have other things in place.
My opinion, turning it off for a security thing doesn't really offer much help unless you have something else in place to watch for port probes and deny IP's that are probing. And if your SQL Server is outside facing, it is likely someone will find a way to get access to it. Wherever possible, keep your SQL instances internal-only.