I won't argue with the term security in first line. It is more a concern of privacy (which can have an impact on security also).
When there is the point reached that leaking the used OS could have negative effects (i.e. tailored attacks), argumentation with performance does not matter anymore.
You should assume that the tailored attacks will occur regardless of any precautions, as to do otherwise is security through obscurity. The state of the black art seems to routinely include anything and everything. If a tailored attack would be a problem for your system, it should not be on the net, not even briefly.
While I may have stopped publishing HINFO records in DNS rather a long time ago, I do not believe that knowledge of the OS should be considered to be a security problem in the current era. You should assume that the attacker does know precisely what OS you are running, and defend accordingly.