well only stuff that is actually echo'd to the browser is viewable in the source of the web page... so that'll just be the xhtml and javascript in most cases. so limit your use of javascript and use PHP whenever you can. I was going to just say "use PHP instead" but then I noticed that you do....
so as long as you code your PHP correctly, you should be able to stay pretty safe from attack. I say pretty safe, because no system will ever be 100% perfect.
with regard to your code running on other domains... if it's PHP code then that's not really possible. Well, it is... but then the thief would just spent 3 seconds deleting the line which supposedly prevented it being run on other domains. Since PHP code is open, ie. not compiled, it's always there to be viewed/edited.
If you have some specific code that you only want running on your server, then you'd probably best compiling it into an exe or something.... but running that through a web server is a bit outside of my area of expertise I'm afraid! Google will tell you, no doubt
Enter your message below
Sign in or Join us (it's free).