When viewing the source of the homepage, I can easily see the name of the 'wp-content' folder however, I can also see the name of the theme.
Since I can see the name of the theme, I could assume that one directory up is the renamed 'wp-content' directory.
When the contact form plugin is activated, its path is listed. Perhaps other plugins would be displayed as well?
Finally, I can see the following jquery line.
http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=3.4.1
I can see how renaming it is helpful against bot scans, but if I can figure out the renamed directory within 15 seconds of viewing the source, I can see how that's a security risk. I wonder if Wordpress will do anything in the future to secure this information.