Not so much code is actually secret.
- A great deal of code is directly visible to users; whether compiled/minimized in a reversible fashion, or even directly as the raw script.
- A lot of the code is already open-source and available for anyone who wants it.
- In many situations, code is reviewed by outsiders: governments, vendors, auditors, lawyers, sometimes even development partners and educational institutions. Often this is under non-disclosure agreement, but when enough people know a secret, it’s not really a secret anymore.
Second, given there is some secret code, what is the value of obtaining it?
- It would be protected by copyright, meaning anyone caught using it would be liable for the utter decimation that copyright law applies to infringers.
- How much of the code is useful outside the exact environment of it’s origin?
- Is the code really unique? In many cases, it’s the concept of the software that’s visionary, and a similar implementaiton could be written easily enough.
Generally basic access control along with the threat of dire consequences for leaking code are more than adequate; given that most of the code gets exposed in other ways, and that there’s not a big payout waiting for someone who leaks code.
Certain code (particularly for security or anti-piracy systems) can be considered more sensitive, and merit additional restrictions. Usually this just means more restrictive access control, and threats of an even harsher set of consequences.