For cloaking scripts that have plugged the typical holes this is true, unless IP spoofing if employed, but that is neither simple or easy to achieve, and carries considerable personal risk. So in all practical terms Q's statement stands.
There are cloak sniffing scripts that only work against scripts that serve cloaked pages based on User Agent, but cloaking scripts that use UA alone are either remnants of days gone by, or sometimes people will do it because they want maximum search engine detection over code protection.
As Q (as in 007?) points out, those methods are the most typical ways people use to determine whether a page is cloaked.
To those you can add:
-Use the translator at AV, and because it carries IP's in AV's range, some scripts give up the cloaked page. (This is the method used to uncover Green Flash recently).
-Ditto for Infoseek/GO
-if you are familiar with the structure of some cloaking scripts you can simply navigate to the cloaked page with your browser, if they haven't protected against it.
-Same thing with those servers that have been set up to return "INDEX OF /" (they list out the directory structure) whenever a directory without a default page is requested. Again you then simply navigate to the cloaked pages.
-Use a cloak sniffing script, and if they are serving by User Agent, voila, the page is revealed. ( there are a couple of these around (littleman has one, and I believe Brett has one at searchengineworld.com).
-Then there is the biggest threat to security of any system, and that is the people running the site the script is installed on. If they were to put your IP address in their script because they believed you were a spider from one of the search engines, then net time you visit their site you would get served the search engine pages. The evils of personal spiders carrying convincing search engine agent footprint ...
