In a connection-oriented system, it is easier to provide QoS (guaranteed bandwidth, delay, etc) because the routers know which packet belongs to which flow. Thus, the routers can maintain per-flow bookkeeping, and drop any packets from a connection that is exceeding its allocated bandwidth. At the same time, the network is told the amount of requested bandwidth per connection ahead of time. Since each router knows its available bandwidth (and the bandwidth reserved so far), each router can definitely answer whether or not it can support X amount of extra bandwidth. This way, a proper path can be negotiated through the network, at connection time, such that every node along the way can handle the requested bandwidth, delay, jitter, etc.
As for security, knowing your path to someone else isn't the issue. The issue is being able to manipulate that path (and others) at will. There are a number of hijacking, redirection, man-in-the-middle, etc attacks that rely on issues within the way IP packets are routed. In a circuit-switched system, like MPLS, the control plane basically lives in its own separate world and is essentially decoupled from the data plane (like with the phone network). That is, forwarding decisions are made based on an extra attribute connected to every packet (the so-called label ID) and not on some user-accessible field within the data itself. The only time that the user has access to this attribute is when specifying the "connection ID" associated with each outgoing packet, but that is strictly an agreement between the user and his serving router and has little relation to the upstream label tables.