It depends on your definition of EasterEgg and on the type of application.
For example, our current application takes a while to load, so it has a nicely designed SplashScreen. In a free minute, I implemented a hue rotation algorithm, and now the SplashScreen has a different color on every start. That may be too simple as an EasterEgg, but it's a nice touch, it doesn't harm someone, and it is easily spotted (i.e. it is not hidden - it still takes people some time to notice it though;)).
On the other hand, when you're developing a more or less critical application, including a hidden EasterEgg can be problematic. That's why Microsoft is strictly prohibiting EasterEggs in their applications, because when even Microsoft doesn't really know what their programmers put inside, then how should they know the application doesn't have malware code in it? And that's pretty much how I think about EasterEggs in my own application. A harmless, easy-to-spot gimmick is always welcome, but don't put too much in it and don't hide it. Makes it easier for the customer to trust you.
Regarding that, I have to strictly disagree with
1. They are relatively hard to figure out how to get to.
if your application is developed by multiple developers and is delivered to paying customers that rely on it. You may be fine with a hidden EasterEgg if the application is freeware or open-source, if you're a one-man-team and you're sure that the customer will trust you about these things, or if the application is in no way related to potential economical damage. So, just think about what your customer will think when he finds out that there's some hidden thing in the application. Better hope then it's a really harmless EasterEgg.