Information about making deployed code inscrutable to users
It is possible to combine the various forms of deployment with some form of encryption. Encryption will, of course, incur a performance penalty.
There are several issues here [This seems like it has likely been discussed elsewhere on the wiki - perhaps some pointers are appropriate?]
[Why Java, C, ... aren't really all that hot for security.]
[Distinguish obfuscation and full-blown encryption.]
It is practical to deliver encrypted Tcl-coded applications. Steve Blinkhorn, for example, has written, "Various of my Tclkit-based projects are delivered using blowfish encryption, with some extra attention given to the security of keys. There's nothing especially difficult about doing this with single-file Starpacks, and the actual encryption code is miniscule - I routinely build starkits with multiple versions of a mini-extension for various platforms, with little impact on the overall size. For instance, a version of tclhttpd with some custom code (including encryption) packaged up as a single-file executable with tclkit has 300Kbytes or so to spare for a document tree and still fits on a 3.5" floppy, is in live use now, doesn't crash and supports some quite complex client-server transactions with a Metakit database (the code for which, of course, comes as part of the Tclkit executable).
With a two-file (Starkit) solution, it is possible to update client software on remote sites transparently, so far as the user is concerned, and on a user-by-user basis, because the .kit file looks to the executable like a file system."
JBR: It doesn't seem possible to deliver a script that can be executed by the Tcl interpreter that cannot be viewed by a determined individual. If the boot strap application code can find and use a decryption key so can the attacker. This is the underlying and inescapable flaw in all encrypted content delivery schemes (DRM).
Kroc - It doesn't really matter because Tcl interpreter can runs strings human beings can't understand.
The Tcl interpreter runs byte code. Last I checked it can be formatted and understood.